<html>
<body>
Telecommuting (working from home, or from business trips) has long
existed in the general business world, can be expected to grow, and makes
possible work from off-shore locations. Many data loss incidents
have been where people have access to massive work-related data, remote
from work place with less physical and logical security protection than
in the work place. The data can be better protected if it
resides at the work place, is accessed over a secure line like VPN,
because if the remote site laptop gets stolen, that user's passwords can
be changed at HQ.<br><br>
I think the focus needs to be on practicalities of reducing risk outside
the work place, perhaps via encryption of what is outside the work place,
use of more secure communications connections, such as not leave wifi
port turned on when not in use. There's also standards for web
sites with personal and confidential information, and we might question
whether media containing sensitive data ought to be transmitted through
delivery services intended for less critical content..<br><br>
Many breaches have been of work taken home, left in parked car. The
big VA break in was a burglary when the VA employee was not home, but his
work was. If you are going to take such work home with you, should
there be standards for storing it when you are not there using it, such
as place those thumb and zip drives in a safe with other valuables?
The cost of safes for employees taking such work home with them, would be
peanuts compared to the costs after a breach occurs.<br><br>
Al Mac<br><br>
<blockquote type=cite class=cite cite="">The current push to allow
Federal employees to work from home or from remote locations clearly
needs to be reexamined for its data security implications.<br>
richard<br>
<font size=1><b>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</font>
</b></blockquote></body>
</html>