At a glance.
- Remote work presents organizational and cultural, as well as technical, challenges.
- CISA advice for secure telework.
- Relaxation of HIPAA enforcement involves acceptance of privacy risks.
Teleworking or just phoning it in?
US Government agencies have been urged, by the Office of Management and Budget, to provide maximum opportunities for their personnel to work remotely while the country copes with the COVID-19 pandemic, but that guidance has received a mixed reception in practice. Congress is urging more commitment to telework, Federal News Network says. Sixty-four members of Congress have written President Trump, asking that he issue an executive order to give OMB's suggestion some teeth. Congress has been hearing from constituents who say that their Federal supervisors have denied requests for remote work by employees whose jobs and circumstances make telecommuting feasible.
It's also not helping contractor personnel, because many of the contracts under which they work explicitly require them to be on-site, and their Federal supervisors usually lack the authority to modify the terms of a contract, Nextgov reports.
Finally, there are apparently cultural obstacles standing in the way of remote work. Telecommuting has in many agencies acquired a bad odor: whiffs of shamming, malingering, and skating have collected around it. To be fair, some of that historical suspicion may not be entirely without reason, but these are special times that call for special measures, and a more supple response than some organizations seem prepared for. Federal News Network describes some of the mixed messages workers have received. This was one report from the Census Bureau: “The telework messaging has been accompanied by underhanded comments like, ‘remember you are still on the clock,’ and, ‘you are expected to still be working and available.’ Of course we know that! Messaging like this shows there is still a stigma to teleworking." These range from outright inflexibility to ambivalent instructions. The Department of Agriculture, for example, recently no friend of telework, has felt it necessary to remind people that "telework is not a substitute for dependent care."
Advice from CISA on secure telework.
The US Cybersecurity and Infrastructure Security Agency (CISA) has some suggestions for secure telework that all organizations, whether public or private, might consider. CISA recommends virtual private networks (VPNs), and has advice on how to use them securely and effectively. This is important, because as VPNs rise in importance, they become attractive targets for criminals. CISA recommends updating VPNs and associated systems used for remote work so they’ve got the latest patches and sound security configurations. Employees should be warned to expect more phishing attempts. Security teams should dust off their plans for log review, attack detection, and incident response and recovery. Use multifactor authentication and strong passwords. And, before it becomes a problem, test the limitations of your system and plan for higher usage.
Trading risk of data exposure for better healthcare delivery.
The Department of Health and Human Services' (HHS) recent relaxation of Health Insurance Portability and Accountability Act (HIPAA) enforcement in ways that make it easier for healthcare providers to interact remotely with their patients has raised concerns, the Washington Post reports, that the confidentiality of medical information may be at risk. That's a degree of risk the US Government is aware of, and prepared to accept and manage. HHS wants to enable doctors and others to take advantage of readily available and often free communication platforms that haven't undergone the expensive and time-consuming vetting necessary to certify them for carrying HIPAA-protected data. Most of the platforms will be familiar: FaceTime, Google Hangouts, Skype, and Facebook Messenger. The risk, of course, is that users won't secure the tools properly, especially with encryption.