They are just making sure you’re cyber safe in a virtual environment.
Jennifer Franks, Director of Information Technology and Cybersecurity at US Government Accountability Office (GAO), took a closer look at tracking and surveillance technologies used by organizations to monitor employees, and the impact of such actions on productivity and privacy, and why they are critical to cybersecurity. The discussion was part of a Workforce Summit hosted by Government Executive, Nextgov, FCW, GCN, Washington Technology and Route Fifty, to explore how teleworking has changed the federal landscape in a big way.
Working in a remote environment has become a perk that some federal agencies are able to offer their employees, born out of the COVID-19 pandemic. Since there has been an increase in the use of telework, comprising more than 80% of total work time (according to a recent GAO report). 14 of 24 agencies have at least a quarter of their employees working from home full-time.
With the benefits of telework come issues like difficulties in replicating an office environment, IT shortages, or an unhealthy work life balance level. But the largest problems are the cyber risks associated with federal employees teleworking, Franks emphasized.
Federal agencies and our nation’s critical infrastructure depend on IT systems to carry out operations and process essential data. Risks to these systems are increasing with telework – including insider threats from witting or unwitting employees, escalating and emerging threats from around the globe, and the emergence of new and more destructive attacks. According to the Department of Homeland Security, in FY 2021 over 32,000 security incidents were reported by federal civilian agencies.
Franks offers tips for federal employees working remotely:
“Make sure your personal device is patched for your agencies network,” she said. “Government devices should stay connected to your network so devices can be updated by your agency so you can stay more protected.”
POTENTIAL FRAUD RISKS & RED FLAGS RESULTING FROM TELEWORK
Several agencies have authorized the use of both agency and personal devices to perform work, so organizations should ensure that their guidance and policies are up to date to avoid cybersecurity vulnerabilities (i.e., enabling multi factor authentication to ensure only authorized people are connecting to an agency’s network). Data and identity theft can increase, especially when employees work on an unsecure home or public network or from a personal device.
Other red flags that result from employees working remotely are time and attendance fraud or abusing telework. Organizations can conduct fraud risk assessments, ensure manager’s set expectations, perform periodic audits, and conduct continuous training.
