CISOs measure teleworkers security risks

Despite some not-so-secure security practices by its mobile workers and some recent data breaches staring them in the face, many Federal Chief Information Security Officers (CISOs) say problems lie in training not the growth of official telework programs.

In a Telework Exchange survey of 35 CISO's 63% said their top security priority was securing mobile computers. Ninety-four percent of those CISO's said teleworkers in an official program are not a data security concern. Still they are very concerned about certain issues.

* What represents the most serious data security threat?

- Lack of data security training for all employees 37%

- Lack of appropriate data security tools/technologies 26%

- Employees working at home at nights/on weekends outside an official telework program 23%

- Wireless networks 9%

In addition, they are aware of some not-so-secure activities by their telecommuters.

* What percent of CISOs believe the following practices are common in their agencies?

- Carry files home on floppy disks

USB drives 37%

- Bring files home on laptop hard drives 23%

- Carry physical files home 9%

The survey found that 83% of the CISOs said telework programs do not interfere with meeting the Federal Information Security Management Act, security requirements.

The "Remote Control - Federal CISOs Dish on Mobility, Telework and Data Security," survey interviewed 35 of the 117 CISOs in the Federal government and was sponsored by Hewlett Packard.

Recently some high profile government data breaches have made many question how secure some agencies are. Recently the personal health care records of nearly 900,000 troops, family members and other government employees stored on an a private defense contractor's - SAIC - nonsecure computer server were exposed to compromise.

This month the California Public Employees' Retirement System sent out letters of apology to about 445,000 state retirees after inadvertently printing their Social Security numbers on brochures announcing an upcoming election at the state pension fund. The privacy breach happened after an employee inadvertently sent a disk containing Social Security numbers to the printer responsible for printing the brochures. The disk was only supposed to contain the names and addresses of the individuals getting the brochures.

Then you may recall the Veterans Administration laptop and computer storage device containing the names, Social Security Numbers and dates of birth of all veterans discharged since 1975 were stolen from a VA employee's home last year, exposing data from 26.5 million veterans.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.

IT Salary Survey: The results are in