Telecommuters are nothing new at TriNet Group, a human resources outsourcer in California, U.S. In fact, a significant part of the company's workforce operates remotely, either out of their homes or in small satellite offices, all on laptop computers, according to Bob Dehnhardt, the company's network and information security manager.
But over the past 18 months, Dehnhardt has grown increasingly concerned about the rising number of mobile computer security breaches in the news, most notably the theft of a laptop and external drive from a U.S. Department of Veterans Affairs employee -- an incident that compromised the personal data of 26.5 million veterans and military personnel. So last year, he helped institute a series of security policies, including a requirement that all employees who work at home must sign a contract. One of the contract's provisions states that such employees must be willing to open their homes for inspection.
"Working from home is a privilege, not a right," Dehnhardt says. "It has numerous advantages to both the employer and the employee, but it also constitutes a very real security risk for the company. There have to be rules and policies in place to protect the employer from this risk, and both parties must agree to them."
But TriNet is ahead of the curve in home-worker security. Despite network attacks, virus onslaughts, data loss and other hazards that remote users can introduce, many U.S. companies haven't bothered to establish security policies for teleworkers, according to Runzheimer International, a provider of employee mobility products and services. In Runzheimer's 2006 survey of 87 organizations with mobile workers, 62 percent of respondents said they were concerned about the security of company assets located off-premises, but only 46 percent reported that they have a virtual office policy.
"A lot of companies are just hoping that nothing will happen," says Jack Gold, a mobile technology consultant at Runzheimer. "And yet for a reasonable amount of effort, they could eliminate 90 percent of the potential problems."
For starters, telecommuters should use only company-owned equipment for their work, not their own home computers, Gold says. That way, IT can ensure that the equipment is loaded with virus protection software and other control devices. By keeping operating systems and application versions standardized, IT can also centrally manage virus updates. "If you rely on the end-user community to take care of their own systems, you're in trouble," Gold says.
At TriNet, telecommuters use centrally managed laptops. "This gives us a means of enforcing policy, since we own the equipment, and it also reduces the workload on our support people, since they don't have to troubleshoot why Billy's World of Warcraft installation broke our critical internally developed application," Dehnhardt says.