Risk at home: privacy and security risks in telecommuting

• Ernst and Young
• Center for Democracy and Technology

Read the full text

02 July 2009For the chief technology officer or chief risk officer of today's organization, perhaps no issue presents more complexity -- or more headaches -- than the necessity to protect corporate and personal information in an environment where employees travel widely or routinely work at home, using personal computers, laptops, non-corporate owned machines and personal digital assistants (PDAs).

It is difficult enough to secure a corporate network with the constant and persistent threat from malicious external parties, from hackers to spammers to viruses.

But this challenge is only growing, as organizations increasingly offer employees the option of working remotely, from the comfort of their homes or even from the local coffee shop.

According to a 2007 Gartner report, the number of individuals worldwide working at least one day a week from home is expected to grow at a compound annual rate of about four percent and will reach over 46 million by the end of 2011.

Developed as a way to manage fixed-asset costs (i.e., to lower the physical office footprint for corporations) and as a means to attract and retain talent by allowing flexible work schedules, corporate work-from-home arrangements can be part of formal telecommuting programs or can emerge ad hoc as employees engage in various activities based on need and opportunity. With the astonishing proliferation of such work arrangements and the portability of technology assets, added to the ease of access to remote or locally hosted memory devices, the result is a business challenge that not only has the CTO awake at night, but has also reached as far as the C-suite and the corporate boardroom.