By Richard W. Walker
June 4, 2007
A year after a laptop computer was stolen from the home of a Veterans
Affairs Department employee, federal systems are still vulnerable,
according to a study released today.
A Telework Exchange survey of 258 federal employees found that 13
percent dont have encryption on their newly issued laptop PCs, compared
with 11 percent in June 2006 before VA announced that the stolen laptop
contained information on about 26.5 million people.
Sixty-five percent of the workers in the study said their agencies
reinforced security policies after the VA incident, although fewer than
half reported that their agencies provided them with additional training
(48 percent) or updated encryption and other protection technologies (47
percent). Moreover, 16 percent said their agencies didnt react at all to
The survey also revealed that although those who telework and those who
dont have about the same awareness of their agencies security policies
97 percent compared to 96 percent, respectively teleworkers are more
likely to have received training on data security, have encryption on
their laptops and have antivirus protection on their work PCs.
According to researchers, nonteleworkers are the Achilles heel of
federal data security. Fifty-four percent of them said they carry files
home and 41 percent reported that they log onto their agencys network
These unofficial teleworkers are removing data from the office and
working remotely in unauthorized locations, and therefore constitute a
major risk in data security, researchers concluded.
Nonteleworkers represented 52 percent of the respondents in the survey,
teleworkers 48 percent.
Researchers recommended that agencies audit and assess unofficial
teleworkers; implement and update policies, training, and technology to
reinforce data security policies; and make sure that all laptop and
desktop PCs, regardless of whether the user is a teleworker or
nonteleworker, have data encryption and security protection.
The survey, conducted last month, was underwritten by Utimaco, a data
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com