Homework exposes firms

New government research published today shows that increased levels of home working have brought a wave of problems for IT departments. A year after the government brought in rules to enable more people to work from home, firms are battling a growing number of security issues opened up by remote working.

Over the past year business use of remote access technologies has risen substantially, due to flexible working regulations designed to help parents with young children. The DTI's Information Security Breaches Survey 2004 shows that 86 percent of large UK organisations now allow staff to access information via dial-in or the internet, compared with 71 percent in 2002.

However, almost a quarter of firms, 23 percent, admitted they lacked the processes and technology to detect unauthorised access through such channels. A further eight percent said they had identified such intrusion attempts. The DTI survey - which will be released in full at this month's InfoSecurity show - also found that a third of companies now have wireless networks, up from two percent in 2002.

Andy Beard of consultancy PwC, which conducted the survey, said remote access adds to vulnerabilities. "It potentially opens up additional security risks and the mechanisms have not been to put in place to show firms recognise these risks," he said.

Beard cited the example of an organisation that had seen a sizeable increase in virus attacks. "People connecting their own PCs to the corporate network were most at fault for this," Beard said. "You can't control who surfs that PC at home, or push out virus signatures to individual PCs."

Many firms are not doing enough to make it hard for hackers to breach wireless or remote links. A quarter of the 1,000 organisations surveyed relied solely on their standard password controls to manage remote access; 21 percent used additional passwords. Only 12 percent had a virtual private network (VPN), and one in 20 used two-factor authentication or digital certificates.

A separate government survey revealed that 13 percent of all employees had requested flexible working arrangements over the past 12 months.

A tenth of these requests were for home working. With a working population of 28.3 million, that equates to 370,000 requests to work from home.

To protect themselves, firms must tackle the particular dangers raised by remote working - ensuring that data stored on laptops is encrypted, for example, and protecting access points and data sent via the web or dial-up. "Too many organisations rely on username and passwords, instead of two-factor authentication tokens, for example," said Gary Clark, vice-president for network security firm SafeNet in Europe.