Remote work and disposable tech may put government data at risk

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Rick Vanover
 

Connecting state and local government leaders

By Rick Vanover

|

While convenient during this pandemic, allowing employees to use personal laptops and phones for work increases the risk of unauthorized access to government systems and data.

As COVID cases continue to rise, more than half of federal workers are expected to remain remote in some capacity well into the new year, and the lines between personal and government-issued devices are beginning to blur.

The concept of bring your own device (BYOD), while convenient, has limited agency control, making concerns about unauthorized access to government systems and data a growing priority. 

Months of isolation and the normalization of remote work have led some employees to let their guards down. They may be opting to use a home computer for some tasks to get work done. Perhaps they have a program installed on their personal device that would make crafting reports and memos easier.

It may seem like an innocent productivity hack to transfer data from one device to another, or to simply check personal email on a work device, but the repercussions could be severe. These seemingly time-saving actions not only lead to data sprawl, but they also contribute to the potentially more harmful data mingling. 

Data sprawling and co-mingling across agencies and personal devices is nearly impossible to manage and even more challenging to control and secure. Lack of encryption or outdated operating systems can leave personal laptops and mobile devices open to potential hacks and significant data loss. Whether on the battlefield or in government offices, out at sea or in space, secure and accessible data is critical.

Educate staff

The first step in managing the use of personal devices and the data on them is for IT teams to educate staff about the risks involved -- especially if workers eventually plan to discard their devices. Employees should be trained in government security practices and understand how that translates to personal devices.

Part of this employee training should include instructions on how to properly wipe the contents off personal devices if they eventually upgrade or resell them. With the used smartphone market expected to reach approximately $39 billion by 2025, the chance that government data on personal phones may fall into the wrong hands is not taken seriously enough by most agencies.

Staff must also be briefed on how to identify potential malware, phishing or ransomware attacks on their personal devices. If employees are able to identify these threats, it massively mitigates risk of data being lost at all.

Manually put protections in place

Information and data allow agencies to make critical decisions on day-to-day missions, and threats to government data could be catastrophic, making data protection essential. In addition to educating staff, here are some protections IT teams can manually put in place to mitigate risks even further.

  • Regularly update software. If employees opt to use their personal devices for work, it they must be required to update their phone regularly. Be sure to provide staff with the support necessary to deliver these updates. 
  • Encrypt data for protection. Although smartphones and tablets have encryption options that will protect stored data, agencies may consider requiring staff to come on-site to run a full security check and diagnostics on their devices, ensuring encryption is up-to-date and security applications are running properly.
  • Increase data protections. Security incidents involving employees working from home can arise from misuse of government desktop sessions for non-work-related activities such as social network browsing, audio and video streaming or personal shopping. All of these activities increase the possibility of sensitive government projects and information being exposed to unauthorized individuals.
  • Ensure an effective backup plan for data. Protecting information is challenging when it's on a remote worker’s home laptop. Having a reliable backup plan for further data protection can prevent issues introduced by remote workers that could potentially impact agency missions and access to critical data.
  • Clear all phone data. If government employees decide to move on to a new device or stop using their current device, agencies must have a procedure to manage the deletion of all data from that phone and a strict policy around discarding even unauthorized devices used for work to prevent access to work-related content stored on personal equipment.

Teleworking allows the government to carry on its critical mission to serve the public, and as it increasingly becomes the new normal, managing the sprawl of government data continues to be complicated. While the COVID-19 pandemic resulted in a nearly overnight shift to remote work, these flexible work trends had been forecasted to continue over the next five to 10 years. As we look to the future, remote work may become even more complicated, making it absolutely crucial for agencies to plan for the realities of data mingling becoming too overwhelming to handle.

As their agencies take on more flexible working arrangements, it is imperative IT teams understand all the  risks – including those that come with using personal devices -- and have precautions in place to ensure ultimate data protection. 

NEXT STORY: Fallout from SolarWinds breach keeps growing

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.