Slashdot Mirror
Telecommuting Backlash
coondoggie writes to tell us that advocates of the telecommute have stood up against recent finger pointing based on recent telecommuter screw ups. One of the more notable screw up was the recent loss of many veteran's personal information by a VA employee. From the article: "Despite years of growing acceptance, telework still has such detractors. 'The No. 1 challenge is cultural inertia. It's motivating the middle managers, teaching them a new way of doing work,' O'Keeffe says. 'It's the Luddite mentality that we need to change.'"
The problem here isn't telecommuting, it is bad security practices and these problems probably would have happened one way or another, whether it's over a SSH tunnel, VPN, or local on the lan.
Telecommuting isn't the problem. Ineffective security policies are.
It's possible to set up secure connections between a telecommuter's computer and a secure server. Encrypted tunnels for VPN or something like that. Encrypt data on the laptop hard drive - if you even permit sensitive data to be stored there at all.
But until government and corporations are seriously committed to taking the measures necessary to keep private data secure, incidents like this will keep happening, whether it's due to a stolen telecommuting laptop or a server that gets broken into.
I read the whole article, and I couldn't find any instance of "finger pointing" by companies, the press, or the government. Who, exactly, is pointing fingers? This sounds like an article about a non-issue, if you ask me. I understand that many telecommuters want to continue telecommuting, but the article provides no information as to who this nebulous group of "finger pointers" are, or even if they really exist.
"The analyst whose laptop was stolen from his house was not a teleworker, just someone who took work home with him."
/., but everyone I know, even in the IT industry has to go and show some flesh at a physical location to get paid. I'd love to telecommute but to be honest, it's mostly impractical for most people who have to engage with humans to get their job done effectively.
On what grounds are you going to detract from telecommuting in that statement? Every worker I know a)has a latop and b)moves it around. I don't think any of us would call ourselves telecommuters in any sense of the word. The fact we take work home, on 'theivable' media isn't an argument against telecommuting, it's an argument for us not taking work home!
I know there are telecommuters on
The next question for me is, who is this backlash against?
I don't read your sig, why do you read mine?
Interesting article. It pretty much notes what's being said here - good telework requires good policies, good enforcement, and good planning.
In my last job I telecommuted for a good 3-5 months until I left. The company had excellent policies and security. There wasn't a single reported incident of data theft from our division in the two-and-a-half years I was there. I was definitely more productive, and I was also better able to plan around illness, holidays, and emegencies.
It's all about good policy. A company without telecommuters is still insecure if it has a crap IT Risk policy.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
Why cant these compaines use Term Server? it would then be a bit more on the secure side, at least that way you dont have dumb people taking their lap top home with personal data on it. I actually work as IT for a sub division of Bank of the West, we do not allow our users to have ANY borrower/customer data saved on their local machine. if they do they can be let go quicker then you can say "i didnt mean to save it on my desk top" some of the managers here can "telecommute" in. if they would let the loan processors here do that too, then we could close half of the office and save the company on rental costs energy costs and much much more. Plus not to mention the gas saved for the peopele that could work from home. I think with the gas the way it is, more companies should encourage their employees to stay at home.
I had a laptop stolen in a secured office building. Each floor required a badge, as did the lobby. A laptop at home is no more or less safe than a laptop at work. In fact, my house is probably harder to break in to than most office buildings.
You know what the REAL problem with telecommuting is? It's kids. There you are, sitting at home, trying to set apart work from nonwork, but the kids know you're in the house. They want to play, and they're just so cute and irrisistible.
--I'm so big, my sig has its own sig.
-- See?
This is not the fault of telecommuting, although tyranical bosses who hate telecommutors will blame telecommuting (so they can chain you to your cubicle and bark orders and breath down your neck), when the reality is... accountability in the IT/Network Security dept.
I telecommute from around the world and work directly off machines via SSH, so even if my laptop is stolen, nothing confidential or work-related can be compromised.
Of coarse, if you're IT/Network security policies allow telecommuters to actually work ON their own hd's, then that is your fault for having a flawed IT/Network security policy.
Either way, this is FUD for anti-telecommutism.
the only permanence in existence, is the impermanence of existence.
One thing I personally feel is you don't develop a bond with your co-workers if you don't see them face to face. I'm a network engineer for a large fortune 500, I have a company laptop with VPN software that I can use to work from home if I want. Occasionally I do, especially if I need to watch a sick child but still want to get some work done. Otherwise I try to go into my office and be present for face to face meetings whenever possible. My direct boss lives and works 300 miles from my office and I rarely see him, maybe 6 times a year. We talk over the phone and email frequently but we don't have the kind of boss/employee relationship that I've had in the past. Very hard to feel comfortable working/trusting other people when they seem almost like strangers to you.
I don't see anyone asking the question: "what effect does telecommuting have on productivity?" I work in the R&D arm of a major multinational corporation and the projects I work on are highly collaborative. I can often accomplish more in 15-30 minutes of face-to-face conversation with a colleague than in an hour or more over the phone or video conference, even with fancy collaboration tools like Lotus Sametime and Microsoft NetMeeting.
Without it... many geeks, particularly on this site, will be forced to bathe, work, and not "work" while watching ESPN, anime, or porn. The attack against telecommuting is the cultural eradication of the information age.
What are the odds that the weekend he'd take a dump of the records of 26M veterans home would be the weekend he got robbed? Someone better get the FBI on this guy's ass because he's probably got a fat Swiss bank account waiting for him after he loses his job and does a little time in the pokey. What a great coincidence that the time he takes the motherload of personal information home is the time he is the victim of a little "smash and grab..."
Ive been telecommuting for over 5 years now and Im about to give up.
People are resistant on working in ways to accomodate telelcommuting. People will wait for me to visit the office..even if thats many weeks - rather than pick up the phone.
I also find that when people want to play politics - you are at a severe disadvantage when telecomuting.
Every time management changes you have to reconvince them its viable and I have decided over all that
Thats despite the fact that I work in an IT department for a large vibrant and successful company that prides itself on its forward thinking.
So after 5 years - Im giving up - not for technical reasons.. which I have been able to manage one way or another - but because the culture - even in IT is just not accepting of telecommuters and in fact disdvantages them.
There's no good reason why a laptop taken home needs to have private information about customers/patients/clients/etc. on it. The customer data can be kept on an enterprise database server that is less susceptible to theft or to being accessed from insecure networks. The telecommuting employees can access the data remotely via an encrypted VPN, or use Windows Terminal Services, VNC, SSH, or the like over the VPN.
The backlash against telecommuting is not just security related - it's cultural. How can an organization stay fresh and bring on new people who can learn from mentors and rapidly come up the learning curve if all the senior engineers are tucked up at home coding in their PJs? How will that organization build a culture, build commitment, build team spirit? There have to be some limits or a company will stagnate. security issues can easily be handled with better technology over time but I don't think the cultural ones are so easily dealt with.
Think twice before pushing telecommuting to your boss, people. If you can telecommute from the other side of town and do your job effectively, someone from India or China can do it frm the other side of the planet, and for a lot less money. If there's an easier way to mark your position with a flashing neon "OUTSOURCE ME!" sign, I haven't heard of it...
The first time my company allowed workers to telecommute, they apparently had some folks who took that to mean they could loaf and not actually, you know, work.
Some people got fired and management adopted a very strong but unwritten policy that telecommuting was completely disallowed. The telecommuting fallout had happened a couple years before I started working there but management was stil upset by the time I was hired. I learned the hard way when I had to come to work three times in the middle of an ice storm that should have allowed for some flexible remote working. No way.
The irony is that the regular workers who show up in person at the office spend a lot of the day loafing around, playing computer games, surfing, wandering from cube to cube chatting, and generally not doing, you know, work. Management sees it but doesn't do much about it. But do this on company time where they can't see it? ouch.
"Telecommuting" means working away from the normal office environment. This guy was a "teleworker." Sure, he isn't NORMALLY a teleworker (e.g. he usually works out of the office). But he took work home. He was telecommuting. There would have been little chance of this data being stolen had he not "telecommuted."
Telecommuting has drawbacks. The number one issue is that the home is not usually a good environment for work. This includes issues of safety and data security. Operations are at risk if you do not take sufficient precautions.
One interesting solution to this is thin client computing. I've experimented with Sun Ray thin clients that connect over a broadband connection back to a server. No data is stored on the thin client. All it really transmits is pixels and keyboard and mouse clicks (encrypted, too). That's the right way to approach this. Never store data away from the people paid to protect it (then make sure those people do a good job).
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
Really, what is more important, saving the planet or a few million VA records. I think the number one reason to support telecommuting is so people can live in the area of their choosing and still earn a decent wage. Commuting is wasteful of both time and energy. I can't believe the sierra club and greenpeace don't push telecommuting more.
Find coupons in Greeley
Actually, IIRC, the telecommuter's boss and his boss both got dinged, too.
Don't make light of this, a number of people got really badly in trouble over this. As a measure of how seriously the gov't takes the situation, it is rare for any civil servant to actually get fired. In spite of the reforms of Jimmy Carter's days, it is still difficult to fire gov't employees. You'd better have your 'i's dotted and the t's crossed, too! Upper management hates to go that far, especially if the employee has over ten years in, and I think this guy had 11 or 12. Get fired like that, and you lose your pension and everything. So if they fired this guy, it's serious.
I work for another Department, and we take security very serious. ALL agency laptops are installed with a standard image using Ghost, an image that uses Pointsec to encrypt the entire hard drive. Yes, we take a performance hit, but to safeguard data, it's worth it. Users have no choice. It is installed before they get it, and when they are issued the unit, they are given the opportunity to set the password (at least 8 digits). If they forget it, they are told, the HD is toast, and must be reformatted. (not really, there are admin PWs we can use, but that makes them MUCH more careful!) They are warned not to store data on the HD, cause if the OS develops a problem, all we'll do is reimage it. We use an elaborate VPN system, with tokens, to allow employees to remotely connect. They don't need to keep data locally, and it is discouraged. With our setup, a lost laptop is just a lost item; a thief would have to reformat the HD to use the laptop. Our data is not accessable.
"Money is truthful. If a man speaks of his honor, make him pay cash." Notebooks of Lazarus Long, Robert A. Heinlein
So those uppity geeks think they can sit at home on their tender pimpled asses and draw a paycheck ? Taking our sensitive data home ? Workin in pajamas ? We'll show 'em! We'll send our data and IP to the other side of the planet to folks we've never met, where our laws don't mean squat...and we'll save massive bucks to boot! Yep, that'll larn 'em...
</irony>
007: "Who are you?"
Pussy: "My name is Pussy Galore."
007: "I must be dreaming..."
It's about walking around, in any circumstance, with megs of sensitive information on a portable device that isn't encrypted. Whether it's a desktop, laptop, USB device, external hard drive, PDA, cell phone or iPod. It's really about non-existent data security policies, data security audits of vendors handling sensitive customer and employee data and, above all, it's about no accountability in government or private industry for mishandling sensitive information.
When companies are liable for millions in damages for lost privacy act data, you'll see change bordering on a religious revival. Until then, it's just the masses whining.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I work at a place where I deal with or work with Telecommuter and is quite the norm. Of these MOST of these people are only part-time telecommuters.
What I don't understand is why people are not the built in features of laptops - ANY NEWER Laptops have a Power on password. Many newer ones even have HARD DRIVE passwords (so you can't swap out the drive to use it on another PC). Some even are coming with THUMB readers. Prevent thiefs - ALL laptops have docking stations or cable slots where it can be LOCKED down. If not locked down and not in use then put it in to a LOCKED cabinet. Also to NOT have it in the open cab of car (put it in the trunk - for the smash grab and dash thiefs) - also not good if it hits you in the back of the head in an accident..... Use a BREIFCASE or BACKPACK or CARYBAG that does not scream "I GOT A LAPTOP FOR YOU TO STEAL!" (these are all actual policies where I work).
Also you can secure your Email by always accessed it via VPN and by using IMAP based or HTTPS web based (and/or require RSA token access). Any Local "copy" in the email client is encrypted (We use PGP? or such). I don't telecommute - but I personally only use IMAP (when at work) or WEB BASED email clients (ie: Squirrelmail and such) for the last 12+ years. No chance if SOMEONE steals my PC and tries to look at my MAIL - I don't even have a PC based mail client (no spam bot using POP3 on MY email account - unless they use there own client-but then I have that port BLOCKED on my personal firewall). In 12 years I have not got infected by even ONE virus by email (I get a "hit" every couple of weeks with one - but getting fewer)...My ex-wife however insist on using a pop3 client and has gotten infected many times.
Also setup most business applications such they can be used via VPN and a local client or has a web based interface and/or Citrix/Termial Services or VMWare or such. Also provide Backup space on their servers for your "EXCEL" and "WORD" type of documents. A hot sync Software tool make this easy.
One big thing is adopting a software policy - ONLY install APPROVED software on any BUSINESS PC - no personal software or "free downloads" or demos. As well only approved "accessories" may be attached/used (ie: Thumb Drives and External drives etc). And by approved - I mean not by some "know nothing" boss or supervisor - but approved by IT and/or management who is in touch with what is acceptable and is safe to use. After all this is not your personal PC but own by your employer's. (like the "scattered" or "found" USB drives that was used at one BANK location - most was picked and pluged into the BANKS PCs by there own employees.)
Where I work they also PUSH all virus/spam/firewall and security fixes so your always up to date. They also adopted a PASSWORD policy where you have to change password often and not duplicated etc....
With a GOOD policy and ENFORCING it to protect everyone's butt and with a bit of free software and/or a bit of spending of money/time - a Stolen Laptop could means little to NOTHING in impacting a business - with the biggest being the replacement cost of the laptop and going though and wiping out and resetting any and all of the user's passwords (in case people "keep" a list of passwords on the PC or use "auto complete" or other password reminder tools....) and yes I now there is secure "password" tools out there that would be hard to defeat - at lease before they able to crack/hack it to it - you should have all you password reset.
A stolen laptop that causes problems for a business - they had set them selves up for failure to begin with - however the one of the WEEKEST parts is the employee them selves. It costs very little to make a POLICY, and to make minor changes in how people use there PC. Just remember to enforce it (MANUALLY spot checking if you have to - even "leak" out a rumor that it will happen before you do - I can just hear the hard drives going crazy when that gets around....), if you don't - a policy on paper means zilch (nothing) if people are not following it.
I've been writing IT articles since 1987. In those 19 years, I've visited my publisher's office exactly once and I've met exactly one of the editors I've worked for.
Tech Public Policy stuff
I can remember the only time a company let me telecommute: I broke one leg, the other knee, and shattered a hip in a car accident, and they gave me an LA-36 Decwriter II, an acoustic-coupler(!) modem, had an extra phone line put in during my convalescence, and whenever I needed paper or ribbon I had them the next morning.
"Encryption", as such, consisted of mixing-up the data lines on the parallel-side(s) of the UARTs (8!=40320, back then they thought _that_ was hot sh*t; but I thought that was a pain in the *ss because I could only talk to the one modem at work and nothing else).
Good times though (except for the medical).
"It's time to take life by the cans." ~ Bender ("Bendin' in the Wind", ep. 3-13)
ORRR.... The problem is having a flawed Corporate Management who will not supply the IT/Network group with the proper resources (budget/training/personnel) to IMPLEMENT proper IT/Network Security policies.
This was not a telecommuting problem at all! This guy was not even supose to have the data on his laptop in the first place! He violated policies by taking the data home on his laptop Go back and reread the stories about what happened.
Shhhh, you're destroying the manufactured controversy.
In reality, nobody is pointing fingers at telecommuters -- in fact, in the incidents that I've heard in the news lately, there wasn't any real "telecommuting" going on. Somebody just copied an assload of data off of the server to their local machine, and then took the machine home with them. I'd call that 'working from home,' not 'telecommuting.' And the copying of the data onto the local machine was just inappropriate to begin with. That's mostly a user-training issue and not a technological one.
Sure, there are measures that could have been put in place to allow the behavior to happen without creating such a huge problem in the event the laptop was stolen: the drive could have been encrypted, etc. But ultimately, if you don't train your employees to follow the security procedures, there are always going to be problems. (Use encrypted HDs and don't tell people not to use USB sticks, you're going to get data loss. Say 'no USB sticks,' and they'll use CD-RWs. Or email. Or whatever. My point is, the problem at that point is not technology, but your users.)
I doubt that the data loss events will cause anyone who's legitimately telecommuting or even working from home to do anything differently. The only thing it should do is serve as a wake-up call to managers who are allowing employees to do things that they're not really supposed to do (like take large amounts of sensitive data home with them). In the long run, it'll probably make the new encryption features in Win Vista more popular, but that's neither here nor there.
All in all, I think the controversy was manufactured. It was obvious enough to anyone watching on CNN that the fault of the VA incident lay with the employee who took the data home on the laptop when they weren't supposed to; it wasn't a failure of some telework scheme, just user error / bad judgement.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
This is very interesting to me. I work for a company that provides financial software. Our security is almost non-existant. I'm about the only person who could impliment any serious security, but it has been put to the bottom of my priority list by the boss. Makes me sick sometimes. Anyone that has worked for our company, or even one of our customer's companies, could EASILY rip someone off pretty bad. Not to mention completely fubar a load of businesses in one shot.
:)
Maybe I should force feed some of these articles to my boss.
Can all fish swim?
Actually outsourcing of services is just the natural extension of telecommuting: stuff that can be done remotelly for $X hour by somebody a couple of miles away can just as easilly be done for $Y hour (were Y < X) by somebody thousands of miles away.
In other words, anything that can be done remotelly is just as suitable for telecommuting as it is for outsourcing, since in it's simplest form outsourcing is just having your workers telecommute from a far place.
The point here is that anything that does not require the worker to be physically onsite always or often will end up being outsourced and that the great telecommuting revolution that some still seem to expecting has already been overtaken by the even greater outsourcing revolution - forget about working from a paradisian island for western wages, at this point the best one can aim for is telecommuting a couple of days a week.
I've been told by many managers that they've tried it, and people just flat-out blow off work when they're home, and productivity drops.
I've had several jobs now where telecommuting wasn't allowed at all, by company policy.
Every once in a while I would have an "emergency," like a repair on the house, or a delivery of furniture, or whatever, and I would tell my boss that I would have to be at home, but that I would still be working. One time it was a Unix admin position, so it could be done from anywhere, especially since many of the servers were colocated or managed. Another time it was doing technical support for java deveopment teams for a major Swiss bank.
So you tell your boss that you can't be in the office anyway, so you'll do some work from home. Then, while you're home, kick ass. Get tons of stuff done. Most people in an office kick back and do the minimum amount of required work, so it isn't hard to show how productive you can be when working from home. Do it off and on, maybe when you're sick, maybe when you have a child emergency, whatever, but if you can come up with a legitimate excuse to be home, take it, and work your ass off.
A lot of times your manager will see that you're a very productive worker, and through some simple tactics you can work out a situation where you can increasingly avoid having to commute. I had an hour and a half train commute each way to the swiss bank gig, so it was worth doing some extra work to be able to sleep an extra hour and a half on occasion, and even if I worked an extra half hour at night, I was still done with work and home an hour earlier.