Living in the information age and the world of technology provides employees with 24-hour access to work-related material and information, which is often convenient when working outside of the office, working after office hours, or working from home entirely. Though this convenience can help business staff to be available and responsive at any time, telework may be bad for business. Indeed, the National Institute of Standards and Technology (NIST) suggests that employees who access work content on their personal computers, smartphones, and tablet devices may make companies more vulnerable to hackers and breaches in network security because attackers are more able to steal confidential information from a network by first hacking devices used for telework as opposed to technologies accessed from inside the organization.
For several business organizations, their employees, contractors, business partners, vendors, and other users may find it more convenient and more preferable to work from home for a plethora of reasons. With this in mind, NIST is currently drafting new security related recommendations for both businesses and employees, which include suggestions to create separate and external networks for personal devices. Furthermore, NIST suggests organizations that already have agreements with employees and third parties requiring client devices to be secure generally fail to account for potential use of unsecured, malware-infected, and/or otherwise compromised devices may already be connected to confidential company-related material (NIST).
One draft of a March 2016 publication by NIST made a rather pragmatic suggestion to “plan their remote access security on the assumption that the networks between the telework client device and the organization cannot be trusted” (United States Department of Commerce). Businesses and organizations are urged to heed these suggestions because having a secure network is just as imperative as it is for employees to be productive as they engage in telework.
The infographic below highlights the growing trend and benefits of teleworking among various companies around the globe. While employee productivity may be higher and even preferred for individuals who engage in telework, NIST evidence suggests that companies have thus far been reluctant to insure critical network security as a necessary precaution for those who perform telework.
While the agency is collecting public comment on its drafts until April 15 2016, it currently recommends that employees practice network safety by creating unique security access codes and passwords for personal devices, setting automatic locks when devices are idle, and disabling Bluetooth and Near Field Communication features except when necessary in order to protect their organization’s network security and overall bottom-line (www.nextgov.com).