GovExec.com reports that the VA is cutting back on telework and prohibiting the use of personal computers for telework.
Um… didn’t they already have that rule?
The theft of data on 26 million veterans could have been prevented if existing rules weren’t ignored and unenforced. Period. Punish the people that are flouting the rules and fix the process.
I believe in rules, especially for teleworkers. I believe that if security policies and processes aren’t in place to effectively protect important data, then teleworking shouldn’t occur when that data is required to do the work.
The problem is people are lazy and that is really one thing you can’t be if you work from home. You have to do the job and you have to do it better than people that go to the office everyday and are seen regularly.
Simple everyday technology would have protected the data that was stolen. Encryption is easily implemented on laptop harddrives. VPN and terminal server access could prevent the data from ever leaving the servers in the VA office.
If you run a business or a telework program for your business you have to take security into account when you design your program and set your policies. Just like you have a lock on your front door and an anti-virus program on your computer, encryption will be the next mandatory component for the mobile workforce.
I am currently doing some research on encryption for small business. An article on the topic is on my to-do list.