This week's topics of choice were security breaches and security precautions. I think that security loopholes are just another facet of IT workload that must be factored into the IT project review process.
It seems to me that people tend to assume that technology will make life easier and improve productivity. When considering a new project, however, people tend to ignore the extra work needed to secure those new pieces of technology. A web portal, for example, may open a company's operations to customers and employees around the globe, but it also provides a door for criminals to compromise a company's systems. Similarly, Blackberries may be a great tool for communication, but each wonderful portable pocket PC is a great opportunity for a criminal to masquerade as a member of the network and gain privileged access to corporate systems.
Imagine how teleworkers would protest if they received laptops without wireless cards and were forced to use landlines to connect to the internet. Imagine if corporations required teleworkers to have a dedicated telework landline at their homes - a landline whose activity would be monitored as part of the telework process. After all, convenience has a price, and the cost of a landline would almost certainly be less than the costs of gas and childcare. Imagine that corporations required teleworkers to acquire certain approved home safes or secure their homes with a required number of locks in order to help ensure the safety of the information contained on the machines.
If corporations required these things, then teleworking would be much safer for corporations and much less convenient for employees. It is ultimately corporations, however, that bear the brunt of the costs when teleworkers compromise information either inadvertently or through gross negligence. The VA is blamed when its employee loses a laptop containing personal information and social security numbers. The general public is enraged at the VA's lack of security, but no one is toilet-papering the employee's house. I think that most people don't even know the employee's name.
Because corporations bear the costs when broken procedures result in disaster, they have greater incentive to ensure that procedures are followed. Most employees would balk at more secure procedures or telework, so corporations may need to resort to banning telework entirely.
In the future I will think of security costs as one of the costs of implementing new technologies.
Monday, July 27, 2009
I also teach a course in the homeland security program and one key point is the need to balance security against cost, aesthetics, corporate culture, human behavior, etc.
I don't think banning telework is the answer. One needs to balance security against employee convenience. That means proper security controls and training are needed prior to allowing an employee to telework.