Careless homeworkers increase security risks

CIO Jury: But there's no reason why they should…

Careless remote and home-working staff are opening up corporate IT networks to an increased risk of damaging security breaches.

A survey by Cisco this week found a lack of discipline and vigilance among home workers on the internet - from hi-jacking the neighbour's wi-fi to opening unsafe emails and lending non-employees their work PCs or laptops.

That view of increased security risks is backed by 10 of's 12-strong CIO Jury IT user panel, along with's new Naked CIO columnist.

Peter Pedersen, CTO of Rank Group, said: "I believe the risks will increasingly force IT departments to implement tougher lockdown and device control."

Wireless from A to Z

Click on the links below to find out more…

A is for Antivirus
B is for Bluetooth
C is for The Cloud
D is for dotMobi
E is for Email
F is for FMC
G is for GPS
H is for HSDPA
I is for i-mode
J is for Japan Air
K is for Korea
L is for LBS
M is for M2M
N is for NFC
O is for Operating systems
P is for Pubs
Q is for QoS
R is for Roaming
S is for Satellite
T is for TV
U is for UMTS
V is for Virgin
W is for WiMax
X is for XDA
Y is for Yucca
Z is for Zigbee

But working from non-office locations is now a fact of life for most businesses and the risks must be mitigated against, according to Nick Masterson-Jones, IT director at Vocalink.

He said: "In response we have brought in a new infrastructure that allows remote access from anywhere but the services all operate within our data centre - the remote access is purely a Citrix window. We can therefore completely control the resources available, including preventing printing, cutting, copying of data and even downloads onto those ubiquitous USB memory sticks."

Ian Auger, IT director for ITN, said backing up employee usage policies with automated enforcement systems can help mitigate the risk.

He said: "We deploy varying levels of remote access from basic Outlook web access to full blown VPN depending on the need. This impacts on the potential risk, ease of accessibility, the amount of support needed to maintain the systems and ultimately the cost."

A lack of training for remote and home working staff is also one of the key risk factors.

Kevin Fitzpatrick, European CIO for Sodexho, said: "Risks increased when we moved away from mainframes and proprietary networks to client devices, but the increased benefits hugely outweigh the downsides. Sensible policies, appropriate security and above all training can sufficiently mitigate."

But others disagree that homeworkers pose a greater security risk than employees in the office.

Nic Evans, European IT director at Key Equipment Finance, said: "With secure VPN and disk encryption there is no reason why technically homeworking should be any less secure than in the office. A few years ago I found tomato ketchup on the keyboard and Chitty Chitty Bang Bang in the DVD drive of a laptop which served as a reminder that you should also have training and strictly enforced usage policies to go with it."

Social networks also pose a security risk, according to Richard Steel, CIO for the London Borough of Newham.

He said: "Increasingly we work in partnerships and share information, and will open up access though social networks - as well as increase home and remote working. Our system's infrastructure designs have to be fit for purpose."

Today's CIO Jury was…

Ian Auger, IT director, ITN
Dominic Cameron, project director of Voice Web,
Nic Evans, European IT director, Key Equipment Finance
Kevin Fitzpatrick, European CIO, Sodexho
Andy Griffiths, head of IT, DVLA
Paul Haley, IT director, University of Aberdeen
John Keeling, director of computer services, John Lewis
Nick Masterson-Jones, IT director, Vocalink
Peter Pedersen, CTO, Rank Group
Jacques Rene, CTO, Ascend
Richard Steel, CIO, London Borough of Newham
David Supple, director of IT, marketing and creative services, Ecotec

Want to be part of's CIO Jury and have your say on the hot issues for IT departments? If you are a CIO, CTO, IT director or equivalent at a large or small company in the private or public sector and you want to be part of's CIO Jury pool, or you know an IT chief who should be, then drop us a line at