Monday, August 15, 2011

Security of client data when people telecommute is becoming a bigger issue; a Seattle hospital gets hit

People who work from home may be inadvertently exposing clients of their employers to theft of information. A news story in SC Magazine reports how an employee accidentally exposed data on patients of a Seattle hospital through changes in his home network, link here.

Although it has become popular for some employers to expect associates to supply their own systems for work-from-home jobs, security standards for these arrangements don’t seem to have gotten the systematic attention they need.  

It may be less of an issue as long as the employer supplies the laptop (which may have been the case with the hospital in this story), but employee home networks could be subject to Wardrive attacks if not properly password protected and encrypted.

A safer solution is for the employer to use a reliable and totally separate and encrypted online access, such as Verizon cellular wireless, with RSA Tokens for sign-on.  Using an employee's hardware (even cell phones, with the saving of phone numbers and messages in memory) always adds to potential security threats.  

No comments: