A recent study by Telework Exchange (a public-private partnership focused on telework), and Hewlett-Packard, aimed to shed light on federal government CISOs' perceptions of telework, mobility and data security.
The study dispels myths that telework and data security are incompatible. An overwhelming majority — 94 percent of CISOs — do not consider official telework a security threat.
Past Telework Exchange research indicates that teleworkers are indeed secure and remain in tune with agencies' data security procedures. However, “unofficial teleworkers,” those who work at home on nights or weekends on an unofficial basis, represent agencies' data security Achilles' heel. These employees access and move data in uncontrolled environments, remaining a high liability for federal agencies.
Managing security in an increasingly mobile agency computing environment is a number one priority for CISOs. Calling for a standards-based approach, some 83 percent of federal CISOs express strong interest in FISMA-compliant mobile endpoint certification.
The majority of federal CISOs believe security problems stem from a lack of employee training. To overcome these issues, CISOs recommend ensuring all employees, regardless of telework status, receive mobile data security training. CISOs propose conducting agency-wide audits to understand the full population of employees who work from locations other than their primary worksite.