Security measures in a telework environment should cover information systems and technology, and all other aspects of the information systems used by the employee, including paper files, other media, storage devices, and telecommunications equipment (e.g., laptops, PDAs, and cell phones). Employees who work from home or another approved alternate location remain responsible for protecting and managing the records and other sensitive information stored on telework devices and transmitted across external networks. Employees who telework from home need to keep Government property and information safe, secure, and separated from their personal property and information.
The National Institute of Standards and Technology (NIST) is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all Federal agency operations and assets. The Guide to Enterprise Telework and Remote Access Security (2009) is intended to help organizations understand and mitigate the risks associated with the technologies they use for telework. The guide emphasizes the importance of securing sensitive information stored on telework devices and transmitted across external networks, and it also provides recommendations for selecting, implementing, and maintaining the necessary security controls. NIST also developed the User's Guide to Securing External Devices for Telework and Remote Access (2007) to help teleworkers secure the external devices they use for telework.
- Thoroughly review all telework agreements to ensure they are in compliance with agency information security policies.
- Ensure employees receive agency information systems security training.
- Work with employees to ensure they fully understand and have the technical expertise to comply with agency requirements.
- Invest in technology and equipment that can support success.
- Work with employees to develop secure systems for potentially sensitive documents and other materials.
- Track removal and return of potentially sensitive materials, such as personnel records.
- Enforce personal privacy requirements for records.
- Participate in agency information systems security training.
- Achieve sufficient technical proficiency to implement the required measures.
- Provide a high level of security to any personal or private information accessed at the telework site or transported between locations.
- Remain sensitive to individual rights to personal privacy.
- Comply with agency policies and with any additional requirements spelled out in the telework agreement.