Telework rules get technical
GSA to agencies: Limit network access
- By Jana Cranmer
- Mar 30, 2007
The General Services Administration's recent guidelines on telework have a dual purpose: to promote working outside the office while protecting data on notebook PCs, personal digital assistants and cell phones.
Past efforts to promote teleworking have been hampered by'among other things'problems with security, especially in the last year. In 2006, most agencies admitted to data security breaches, including the Veterans Affairs and Agriculture departments, the Navy, the IRS and the National Institutes of Health's credit union.
To help protect data, GSA recently issued guidelines establishing specific criteria for encryption and network access (GCN.com/747). GSA recommends that agencies secure data unless it is deemed not critical, and that access to an agency's centralized IT systems only be available to employees whose tasks require it.
Ryan Johnson, public affairs director for World at Work, a nonprofit organization based in Scottsdale, Ariz., said that the increased use of encryption and passwords is a step in the right direction for IT security. 'If you do basic things, you can foil a lot of problems,' Johnson said. 'More recent versions of Microsoft Office allow encryption, and there are simple things to do on laptops to provide short-term protection. We're getting smarter about security.'
Theresa Noll, senior telework program analyst in GSA's Office of Governmentwide Policy, said the new guidelines do not create any major changes to security procedures because the National Institute of Standards and Technology and the Office of Management and Budget provide agencies specific security instructions.
Employees who require network access can use a virtual private network to ensure secure connections to the office. But according to Chuck Wilsker, president and CEO of the Telework Coalition of Washington, agencies need to use common sense along with VPNs and server-based computing.
'Don't take critical information out of the office,' Wilsker said. 'If it stays in the office, it does not get out. Use common sense.'
In addition to encryption and data security, GSA's guidelines state that agencies should use telework equipment for continuity-of-operations purposes in order to increase the agency's return on telework equipment investments.
'It is important that GSA is finally incorporating the idea that telework is an integral part of continuance of operations,' Wilsker said. 'Very rarely do you see the government spending on something that gives a return on the investment.'
GSA's guidelines also advise agencies to update their help desk support to better serve teleworkers. Noll said help desk employees are to be versed in various types of communications in place, including remote diagnostics and running diagnostics.
'Help desks are sometimes not robust in those areas,' Noll said. 'The desks need someone experienced in troubleshooting specific issues for teleworkers.'
Wilsker said that one problem help desks face is that teleworkers do not always work standard hours, which can be problematic for employees experiencing technical difficulties outside of the 9-to-5 workday. In addition, Wilsker said the government should look at consolidating help desks because many IT basic Level 1 troubleshooting solutions are universal.