The winds of federal teleworking are changing as security officials in government agencies are ready to expand remote work offerings. Contrary to past opinion, the public sector is recognizing that security is not an insurmountable hurdle to working outside the office, and sanctioned programs offer more protection than informal arrangements. In addition, devising a viable telework plan makes agencies more responsive and efficient during emergency situations.
Telework Exchange, a public-private partnership focused on government telework, recently released a survey of the opinions of 35 of the 117 federal chief information security officers (CISOs) on remote working and security. The study, titled “Remote Control—Federal CISOs Dish on Mobility, Telework and Data Security,” revealed that 94 percent of CISOs do not believe that teleworkers in an official program pose a data security concern. Rather, what concerns these officers are employees working at home at night and on weekends or working outside an official telework program. Other causes for worry include lack of appropriate data security tools and technologies as well as insufficient data training for all employees.
“We’ve heard in the past that security is the issue,” Cindy Auten, general manager of Telework Exchange, says. “We’re trying to show that security is not the issue.” She explains that CISOs are heavily involved in telework and ready to expand it. Security is an issue off site just as it is in the workplace. “I think the key issue is you have to have security in your telework program,” Auten states. “What we’re seeing is security issues should not hinder telework adoption.”
Teleworkers often serve as models in data security because they have more training and work in an official program. CISOs work with sanctioned telework programs, making sure everyone is secure at home or in the office. Employees working independently from remote locations pose more of a concern for CISOs, and problems occur when data leave an office without authorization.
Agencies also benefit from establishing official telework programs because in an emergency, employees will be trained to work away from the office, facilitating continuity of operations. During crises, staff members have the technical and cultural knowledge to work in a different environment. “It’s not ‘break glass in case of emergency,’” Auten explains. “I think it has to be built into the standard operating procedures.”
For example, the 2nd Annual Telework Exchange Town Hall Meeting recently held in Washington, D.C., and attended by telework leaders and federal agency C-level decision makers, featured a panel discussion focused on pandemic planning. One panelist brought up the problem of social isolation during conditions such as a pandemic flu; however, isolation also could occur as a result of severe weather. A telework program would ensure that necessary agencies could continue to provide services in times of emergency.
Telework is becoming part of the workplace culture. One hundred percent of the CISOs surveyed said that their agencies offer telework, and 51 percent noted a slight increase in telework over the past year. In the study, 83 percent of CISOs report increased laptop use in the last year, and 63 percent say that securing mobile devices is their primary security priority.
During another panel at the town hall meeting, CISOs claimed that mobile security “kept them up at night.” Thirty-seven percent of CISOs say it is common practice in their agencies for employees to carry home files on discs or universal serial bus drives, also known as thumb drives. Twenty-three percent say it is common for staff to bring home files stored on a laptop hard drive.
As the work force becomes more mobile, employees need access to information from anywhere, anytime. Data security training for all employees could solve problems for agencies. All employees with a laptop could receive the same security training as formal teleworkers so everyone would be educated on proper procedures.
Seventy-four percent of CISOs said mobile security could be improved by ensuring that all employees, regardless of telework status, receive mobile data security training. Sixty-three percent responded that auditing and understanding the full population of employees who work from locations other than their primary work site would improve mobile security. That same percentage also mentioned improving mobile security by ensuring that all telework-eligible employees function within an official telework program.
All the change and mobility have not interfered with agencies’ ability to meet federal guidelines. Eighty-three percent of CISOs responded that telework/mobile computing infrastructure does not hamper their ability to meet Federal Information Security Management Act (FISMA) requirements. The same percentage calls for a FISMA-compliant end-point certification.