Fed Workers Practice Good IT Security HygieneSurvey: Extra Effort More Likely in Office Than Remote Sites Federal employees practice good IT security hygiene, especially when they're in the office; less so when they work remotely, possibly because IT security measure are seen hindering productivity.
That's the takeaway from a Government Business Council survey released Tuesday of 230 randomly selected federal defense and civilian decision makers. Though federal agencies require nearly all employees to use authentication methods such as password, security tokens and biometric identifiers, most government workers take additional precautions, mostly when they work in the office, according to the survey sponsored by CDW Government, a provider of IT wares, and Hewlett Packard.
"Federal employees - the majority of whom spend at least some time each week working remotely - keenly understand that they must take extra steps to secure confidential and sensitive agency data," Andy Lausch, vice president of federal for CDW-G, says in a statement issued along with the survey's findings.
But IT protection negatively affects productivity for those working outside the office. Eighty-six percent of respondents say that IT security measures have prevented them from being able to access the information they need to be productive while working remotely.
Among respondents working in government offices, the survey finds:
- 88 percent lock the screens in their computers when they're aware
- 71 percent only use network connections known to be secure.
- 68 percent use agency-issued machines.
- 43 percent lock screen on smart phones.
- 24 percent physically lock laptop computers.
Securing IT for remote government worker is gaining more attention from federal officials. President Obama last month signed the Telework Enhancement Act to encourage telecommuting among federal employees. And, in November, the Government Accountability Office issued a report on wireless networks, saying the government must be proactive in safeguarding its digital assets when employees work remotely. "Without having policies requiring remote-access sessions to employ adequate encryption, agencies will not be able to ensure that sensitive information is protected from unauthorized access, use, disclosure or modification when users connect to agency information systems remotely," GAO Director of Information Security Issues Gregory Wilshusen and Chief Technologist Nabajyoti Barkakati wrote in the 50-page report.
The Government Business Council conducted the survey in September.