Do You Have Security Policies for Your Telecommuters?
Posted in Privacy & Information Security, Workplace Policies
This summer the Office of Management and Budget (OMB) issued a memorandum to the heads of executive departments and agencies in the federal government about implementing security guidelines relating to the Telework Enhancement Act of 2010. It is a good reminder that, while there are lots of benefits to allowing employees to telecommute, employers need to be cognizant of protecting their systems and data from the risks associated with telecommuting. It is also a good starting place for thinking about what should be in your policies and procedures.
In December of 2009, President Obama signed the Telework Enhancement Act of 2010 (the Act). The Act was implemented to improve telework in the federal government. In the memorandum, the OMB recognizes the multiple benefits of telework (such things as resource savings, improved sustainability, and supporting the continuity of operations). Nonetheless, the OMB notes that if telework is not properly implemented it may introduce new information vulnerabilities to the systems and networks.
So what does the OMB recommend? The OMB indicates that, at a minimum, federal agencies must address the following issues in their policies:
- controlling access to agency information and information systems;
- protecting agency information (including personally identifiable information) and information systems;
- limiting the introduction of vulnerabilities;
- protecting information systems not under the control of the agency that are used for teleworking;
- safeguarding wireless and other telecommunication capabilities that are used for teleworking; and
- preventing inappropriate use of official time or resources that violated the Standards of Ethical Conduct for Employees of the Executive branch by viewing, downloading, or exchanging pornography, including child pornography.
Do you have policies in place that take these guidelines into consideration? If not, perhaps you should consider adding some policies. If so, it may be time to talk with your IT advisor and make sure your policies are sufficient.
The information contained in this post is provided to alert you to legal developments and should not be considered legal advice. It is not intended to and does not create an attorney-client relationship. Specific questions about how this information affects your particular situation should be addressed to one of the individuals listed. No representations or warranties are made with respect to this information, including, without limitation, as to its completeness, timeliness, or accuracy, and Lathrop GPM shall not be liable for any decision made in connection with the information. The choice of a lawyer is an important decision and should not be based solely on advertisements.
RSS Feed