Teleworking - Business Continuity Opportunities and Threats

By David Honour

IDC issued a report recently in which it predicted that the worldwide mobile worker population will increase from more than 650 million worldwide in 2004, to more than 850 million in 2009, representing more than one-quarter of the global workforce. Asia/Pacific (excluding Japan) currently has the largest total number of mobile workers, followed by the United States and Western Europe. However, in percentage terms, the United States has the most mobile workers in its workforce. By 2009, 70 percent of the US workforce are expected to be mobile.

Teleworking presents advantages to business continuity managers, in that the distributed nature of the workforce provides inherent resiliency. Teleworking can enable continuity of business during mundane business interruption incidents, such as snowstorms or traffic problems preventing staff being able to travel into a central office; and teleworking can protect against more unusual and esoteric threats. For example, it reduces the risk of losing a cohort of critical members of staff due to a single geographical incident or disaster; and offers a business continuity solution to wide area incidents such as pandemic influenza; or a CBRN-based terrorist attack.

In the US, TelCoa has been very active recently in promoting teleworking as a business continuity strategy. TelCoa suggests that companies should follow certain guidelines to facilitate the implementation of telework programs. These are:

• Determine who in your organisation is in a position to perform their duties from home. This would include workers who spend the majority of their time on the computer and/or phone. Further, modify work activities so they can be carried out from home; for instance, this may mean digitising many more of your records and information.

• Coordinate with your IT departments to verify that these workers have a secure means to remotely access the corporate network(s).

• Develop and coordinate with managers an immediate plan to train workers on the basics of working from home and how a telework strategy promotes your organisation’s objectives and business continuity.

• As soon as a plan is in place, test your plan, evaluate it, adjust and refine it as necessary and test it again and again until telework becomes a part of your working culture.

• Develop a two way notification system to let your staff know when your emergency telework program is in effect and so they can report their whereabouts and receive instructions and support.

As well as advantages, teleworking also offers significant information security challenges. This issue has been highlighted by Internet security company SonicWALL, which has expressed fears that the move towards teleworking could result in a dramatic increase in corporate security breaches. To stay safe, SonicWALL recommends that businesses install a VPN and take the following actions:

• Isolate the telecommuter connection - where the teleworker unit is on a shared network at home it should not be possible for the VPN tunnel to be accessible to anyone else on the home network.

• Enforce network protection at the telecommuter site - companies should consider giving teleworkers security levels at home that comply with the basic minimum corporate standards thereby enforcing a multi-layered defence mechanism that incorporates firewall, anti-virus, content filtering and authentication.

• Scale the telecommuting network infrastructure - the majority of enterprises will require VPN connections with many different users so it is important that the solution should be scalable to allow security measures to be deployed rapidly via a web browser.

• Manage telecommuting security policies - any solution must be capable of being managed remotely by the company's service professionals so that the VPN links remain in full control of the organisation at all times.

• Perform stateful inspection - where malicious attacks are detected at the application layer rather than at operating system level.

• Comply with international and local information security standards.

British Telecommunications (BT) reiterates the need to look carefully at security issues when establishing a teleworking policy. BT recently highlighted the security issues raised in a Computer Weekly survey, which found that more than half of the UK SMEs surveyed use at least three examples of wireless technology for mobile and teleworking. While welcoming the trend, BT warns companies to make sure that they have the appropriate training, security, business continuity and flexible working policies in place, rather than allowing the ad-hoc and uncontrolled development of teleworking. However, the survey results show that the latter is the norm in many businesses, with less than 50 percent of small businesses giving staff training on how to use mobile technologies securely. Additionally, more than 60 per cent of SMEs do not have a formal policy on flexible working and teleworking.

Bill Murphy, managing director of BT Business, says: “It is essential for any organisation introducing wireless technology to take steps to safeguard fundamental systems such as phone and data networks. The threat posed by viruses, hackers and fraudsters affects every organisation – both large and small. For an organisation to fully realise the benefits of any investment in wireless technology, it is absolutely crucial to assess and address all security issues as part of comprehensive business continuity plans.”

As well as increasing the information security threats to organisations, mobile working makes communications continuity an ever more important issue. The communications network becomes the lifeline, not just between the company and its customers and suppliers, but also now sits at the very heart of day-to-day business processes. If communications network fails, employees can not work for long. Vital data becomes unavailable and team working becomes impossible. Whereas ten years ago many businesses could operate for many hours, or even days, without access to telecommunications services, today’s business grinds to a halt much more quickly. And the greater the investment in teleworking, the greater the impact communications outages have. The need for true communications high availability solutions is now a genuine one.


To view this article at its source, please visit http://www.continuitycentral.com/feature0275.htm