Telecommuting May Cause Security Risks for Companies
As many people struggle to find work-life balance, the concept of telecommuting- the ability to work from home- is gaining traction. According to the latest Statistics Canada data, 1.4 million Canadians work at home at least part of the time and a 2010 study by Workopolis found that more than half of Canadians would like the option to work from home in order to avoid long commutes and increase productivity.
Laptops, PDAs and iPads have all made it much easier to work from any remote location. Camera-enabled tablet computers and programs like Skype make virtual face-to-face meetings simple.
Besides the obvious benefits for the employee, there are benefits for the employer as well. Studies have found that a business with 250 telecommuting employees could save about $3-million a year. The primary financial savings are derived from increased productivity, reduced real estate costs, reduced energy consumption and lower absenteeism and turnover.
Despite these savings, Douglas Grosfield, President and CEO of Xylotek Solutions, says telecommuting can pose significant risk to the company’s network security. This becomes an issue when an employee connects to his/her office network via a home computer. While security settings are generally standardized on all workplace computers, it can be more difficult to ensure that an employee's home machine and network are as secure. Because the employer has less control over the security of the employee’s home computer, Grosfield suggests the following:
- Consider using a virtualized solution- A virtual desktop or application virtualization solution would allow all programs and files to reside in a virtual environment in a secure location, which could then be accessed from a home computer or any other computer in the office. If a laptop is lost or stolen, there would be no client data or files on the computer that could be compromised. In addition, software updates and anti-virus scans can be managed centrally to ensure all employees are well covered. Products like Citrix are considered industry leading in this space.
- Create a telecommuting policy- According to Ponemon Institute’s 2010-2011 security tracking study, 91 percent of surveyed companies reported their employees downloaded applications that contained malware, viruses, etc. A telecommuting policy can help to prevent this by outlining basic steps for network security such as guidelines on what can be downloaded as well as the need for regular software updates, anti-virus scans, etc. The policy should also identify who can use the computer and should limit the use to the employee only as other individuals in the household may download and install software or malware which may unintentionally infect the system or track sensitive information such as userIDs and passwords. It can also include guidelines on what types of data should not be stored on these devices and details on how to report a lost or stolen device. Ensure policies are strictly enforced.
- Ensure any home wireless networks are adequately secured to avoid making them open to intruders- This is critical in order to protect client data and financial information which can be stolen. Having a security key for the wireless network is not enough. It can be cracked depending on the level of encryption. Set the SSID (service set identifier) to not broadcast. Every wireless access point has an SSID, the public name of a wireless network. By setting it not to broadcast, it will be hidden and not come up as an option for others to click on as a wireless network.
- Consider using Virtual Private Networks (VPNs) for added security- If the network connections are not properly secured, confidential corporate information can be intercepted while the data is transmitted between the home and the office network. Virtual Private Networks (VPNs) are a way to secure communications to an organization’s internal network.
- Ensure the work laptop, mobile devices and any storage media are always safely secured- Laptops and other mobile devices could be considered one of the greatest risks to a company because of the confidential information that could be lost should these devices be misplaced or stolen. It is therefore imperative that they are not left unattended, in the car or in plain sight at home as they may be stolen during a break-in.
- Ensure all devices are encrypted and consider anti-theft technologies- Encryption is the process of scrambling information so it cannot be read by unauthorized individuals. According to a 2009 Ponemon study sponsored by Intel, the total economic impact of one lost laptop is $49,256. That same study found that on average, encryption can reduce the cost of a lost laptop by more than $20,000. In addition to encryption, there are anti-theft technologies that can be used to remotely wipe the data on a lost mobile device preventing thieves from accessing the information.
- Request all staff to report any suspicious activity on their employer-issued computers- If an employee notices any changes to the computer and its operation, it must be reported to the company’s IT representatives. E.g.) ads suddenly popping up, a slow-down in performance, etc. This may indicate the presence of software or malware which may cause more harm than good.
While there are significant IT risks to telecommuting, they can be easily managed and should not discourage a company from considering this potentially cost-saving work arrangement which comes with many other benefits. By taking precautions and creating a strong telecommuting policy, companies can reduce the risk of a costly data breach and damaged reputation due to the loss of sensitive client information.
How changing your company's software code can prevent bias
Two-third of tech professionals believe organizations aren’t doing enough to address racial inequality. After all, many companies will just hire a DEI consultant, have a few training sessions and call it a day.
Wanting to take a unique yet impactful approach to DEI, Deltek, the leading global provider of software and solutions for project-based businesses, took a look at and removed all exclusive terminology in their software code. By removing terms such as ‘master’ and ‘blacklist’ from company coding, Deltek is working to ensure that diversity and inclusion are woven into every aspect of their organization.
Business Chief North America talks to Lisa Roberts, Senior Director of HR and Leader of Diversity & Inclusion at Deltek to find out more.
Why should businesses today care about removing company bias within their software code?
We know that words can have a profound impact on people and leave a lasting impression. Many of the words that have been used in a technology environment were created many years ago, and today those words can be harmful to our customers and employees. Businesses should use words that will leave a positive impact and help create a more inclusive culture in their organization
What impact can exclusive terms have on employees?
Exclusive terms can have a significant impact on employees. It starts with the words we use in our job postings to describe the responsibilities in the position and of course, we also see this in our software code and other areas of the business. Exclusive terminology can be hurtful, and even make employees feel unwelcome. That can impact a person’s desire to join the team, stay at a company, or ultimately decide to leave. All of these critical actions impact the bottom line to the organization.
Please explain how Deltek has removed bias terminology from its software code
Deltek’s engineering team has removed biased terminology from our products, as well as from our documentation. The terms we focused on first that were easy to identify include blacklist, whitelist, and master/slave relationships in data architecture. We have also made some progress in removing gendered language, such as changing he and she to they in some documentation, as well as heteronormative language. We see this most commonly in pick lists that ask to identify someone as your husband or wife. The work is not done, but we are proud of how far we’ve come with this exercise!
What steps is Deltek taking to ensure biased terminology doesn’t end up in its code in the future?
What we are doing at Deltek, and what other organizations can do, is to put accountability on employees to recognize when this is happening – if you see something, say something! We also listen to feedback our customers give us and have heard their feedback on this topic. Those are both very reactive things of course, but we are also proactive. We have created guidance that identifies words that are more inclusive and also just good practice for communicating in a way that includes and respects others.
What advice would you give to other HR leaders who are looking to enhance DEI efforts within company technology?
My simple advice is to start with what makes sense to your organization and culture. Doing nothing is worse than doing something. And one of the best places to start is by acknowledging this is not just an HR initiative. Every employee owns the success of D&I efforts, and employees want to help the organization be better. For example, removing bias terminology was an action initiated by our Engineering and Product Strategy teams at Deltek, not HR. You can solicit the voices of employees by asking for feedback in engagement surveys, focus groups, and town halls. We hear great recommendations from employees and take those opportunities to improve.