VA not alone in letting data walk out the door
Almost half of GCN survey respondents report taking federal data files home
- By Wyatt Kash
- May 31, 2006
The recent theft of personal data on as many as 26.5 million veterans has sent government agencies a chilling message about the need to take new data security measures to prevent confidential data from walking out the door.
According to a new survey by Government Computer News, there is good reason for government officials and the public at large to be concerned.
Nearly one-half (46 percent) of 326 respondents to a GCN reader survey of government IT workers this week said they had taken government data files home in the past six months to keep up with their work.
Government data is moved or carried by a variety of means. The most frequent methods that survey respondents reporting using were:
- Laptop/notebook: 54 percent
- VPN (virtual private network) or secured network: 41 percent
- Key drive: 34 percent
- CDs/DVDs: 32 percent
- E-mail: 31 percent
- External/portable disk drive: 17 percent
- Paper Copies: 4 percent
- PDAs/Cell Phones: 2 percent
And although half (51 percent) of respondents said their government office has a clear policy about what data files they can work on at home or outside the office, 32 percent said their office does not have a clear policy and 18 percent said they don't know if there was a clear policy.
Among respondents familiar with such policies and who were asked how consistently such policies are enforced, 49 percent said routinely, 11 percent said the majority of the time, 9 percent said irregularly or rarely and 30 percent didn't know.
Asked whether their office provides clear encryption instructions when handling sensitive data, a common method for making data more secure, half (51 percent) said yes, 28 percent said no and 21 percent said they didn't know.
Those surveyed offered a variety of recommendations to help guarantee sensitive data is not lost or stolen. The most common recommendations:
- Use automatic encryption
- Allow more government workers working outside the office to have controlled access via secured network connections (or Virtual Private Network) instead of using portable storage devices.
- Require automated alerts when sensitive data is moved, copied, transferred or removed from its original location.
- Make consequences severe for information security violations
The survey was conducted by Government Computer News May 26-31, polling a portion of its 100,000 subscribers who manage information technology and programs for government agencies, including defense and military agencies.
Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.