Opinion: 8 Growing Risks of Employee Home Offices

1 2 Page 2
Page 2 of 2

Eight Risks

There are at least eight cracks in the armor that have just gotten wider with the growing surge of home work:

  1. Corporate laptops in transit home. Read the crime section of your local paper, and what do you see these days? Line after line of laptops and GPS devices stolen from vehicles. Despite a wave of laptop-encryption initiatives over the past two years, many employees are still taking home unencrypted laptops containing sensitive personal information.
  2. USB drives in transit home. With the decreasing sizes and increasing speeds of these devices, expect to see more lost flash drives prompting security-breach notifications in the near future.
  3. Lost personal BlackBerries and Treos. People have put great trust in the security of how their handheld e-mail messages are transmitted and stored. Find somebody's BlackBerry, and you have access to his deals, contacts, calendar and e-mail attachments.
  4. Unprotected home computers. Twenty dollars to the first person who can name a Fortune 1,000 company that has assured that even 10% of its employees' home computers meet corporate policies for antivirus, spyware, personal firewall and peer-to-peer settings.
  5. Unprotected home networks. Ditto for employees' home wireless network settings.
  6. Unprotected files in home e-mail accounts. Which companies store sensitive information from every large company on earth? Yahoo, Google, Microsoft and AOL. But would these e-mail programs meet your company's password, encryption and retention standards?
  7. Unsecured documents in home offices. Employees have locking cabinets at work for storing sensitive documents and shred bins for discarding them, but how many of your employees lock away and shred at home?
  8. Uninventoried data in home offices. More data at home means more surprises and costs — and now, potential fines – for corporate attorneys trying to conduct e-discovery.

If you take these risks and put them into a traditional threat-vulnerability matrix, you may reach an unexpected conclusion: that the home office ranks ahead of other key storage zones of corporate data. (See Table 2 for a sample matrix.)

Table 2: Threat-Vulnerability Matrix for Key Corporate Data Zones

Data-Storage Zone Level of Threat to this Zone Level of Vulnerability of this Zone Risk of Breach of this Zone (Threat and Vulnerability)
Production applications and databases HIGH LOW MEDIUM / HIGH
Home offices LOW HIGH MEDIUM / HIGH
Vendors MEDIUM MEDIUM MEDIUM
Informal data stores (Access databases and spreadsheets) MEDIUM MEDIUM MEDIUM

Risk-Mitigation Options

Alan Charles Raul, a partner at the privacy practice of Sidley Austin, recently addressed this topic at a privacy conference in St. Paul, Minn.

"Working at home offers tremendous productivity and convenience benefits to both employers and employees,” Raul told me afterward. "But while being work-accessible 24/7 has efficiency advantages, it presents delicate privacy risks for workers and security challenges for bosses. Dealing effectively with these challenges requires identifying both sets of risks and dealing with them concretely,” he added.

What were Raul's top recommendations?

  1. Update your policies to include standards for home-office work and home-compliance assessments.
  2. Get employee consent with these policies if they want to continue working from home.
  3. Properly equip and train employees to comply with the policies.
  4. Inventory data in home offices.
  5. Conduct spot checks where legally permissible.

If the only thing your company is doing about these risks is waving a policy in the air prohibiting employees from taking confidential data home, I've got some subprime mortgages in Detroit to sell you. The risk tolerance is about the same.

Jay Cline is a former chief privacy officer of a Fortune 500 company and now president of Minnesota Privacy Consultants. You can reach him at cwprivacy@computerworld.com.

Related:

Copyright © 2008 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon