The United States Patent and Trademark Office (USPTO) has one of the longest-running and most successful telework programs in the Federal government, with more than 80 percent of its 5,913 eligible positions participating on a regular basis. What's more, approximately 2,053 of its patent examining employees and trademark examining attorneys are true at-home employees, spending four days a week working remotely.
That level of success, however, is fully contingent on a well-devised and well-executed security program. Danette Campbell, the USPTO's senior advisor for telework, and Rod Turk, director of the Office of Organizational Policy and Governance within the Office of the Chief Information Officer, have worked together to put in place strong telework security policies, training requirements, and security and privacy practices that effectively safeguard laptops and agency data and maintain executive support of the program.
The emphasis on ensuring secure connections between remote workers and USPTO office locations has enabled the agency to fully reap the more tangible benefits of telework. These include a 10 percent improvement in workforce productivity, the ability to increase the workforce without increasing real estate costs, and cost savings of more than $11 million to date.
Campbell and Turk recently discussed their security philosophy and program details with The Teleworker.
Q: Is there such a thing as a safe laptop, and what does it need to have in terms of key technologies?
A: USPTO has to move massive patent application and trademark agreement documents back and forth online continuously, which means that it must be able to do so in a very secure, error-free environment. As a result, USPTO has spent a good deal of time devising ways to encrypt all the data on which people work in an online environment. It has also gone to great lengths to make certain no critical data are stored permanently on USPTO-issued employee laptops. So information is stored on a USPTO server – not on the laptop itself.
Agencies should configure the remote laptops to mitigate the risks of them being used in a manner that compromises an agency's mission. This includes:
- Encryption – Industry-standard strong encryption of the hard drive
- Login – Unique, single-user, pre-boot authentication through the hard drive encryption software and then laptop operating system, with a "strong" password that users are required to change on a regular basis
- User Permissions – Users are not set up with local administrative rights
- Software Firewall – Pre-configured firewall software that allows any network traffic that is required to conduct work and remote support, while blocking unsolicited network traffic
- Anti-Virus – Automated and regular definition updates and pre-configured virus scanning
- Spyware – Spyware, adware, Trojan horse, and hijacker detection software pre-configured with automated definition updates
- Operating System Updates – Automated/scheduled updates to the operating system for security and critical patch-related updates
- One Master Baseline – All laptops are configured with one master baseline and are maintained and supported through remote assistance and remote management software
Q: What are the most important security points that USPTO includes in all teleworker training programs?
A: The USPTO provides extensive training: all teleworkers receive non-IT and IT training before they are deployed to work from home. The IT training teaches the employee how to work from home using their equipment properly. USPTO teleworkers are trained on and receive associated documentation describing the IT policies that must be followed when working remotely. These policies also are published on the USPTO intranet Web site. The IT policies require the following responsibilities and agreements:
- Teleworkers must understand that they are required to take all necessary steps to safeguard government equipment from loss or theft
- Absolutely NO data, of any kind, is to be stored on a teleworker's local laptop hard drive
- Teleworkers do not have permission, nor the ability, to load additional software on their telework laptop
- Teleworkers are responsible for maintaining the confidentiality of applicant files and agency work products in accordance with their business area requirements
- Teleworkers are not permitted to use their laptops in any location or under any circumstance where non-agency personnel may be able to view restricted information, such as a hotel lobby, airport, or coffee shop
In addition, unless on leave from the office, all employees are responsible for connecting their Enterprise Remote Access (ERA) laptops to the USPTO's virtual private network (VPN) at least once per week (meaning every seven days) for a minimum of fifteen minutes. This action may be taken during core business hours, at night, or on weekends. Ensuring that all ERA laptops make this connection weekly permits the USPTO to perform routine asset verification and provides an opportunity for any critical software updates (or "pushes") to occur.
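The weekly connection rule described above can be audited from VPN session records; the following is an added example, not USPTO code or part of the interview. The log format, the `ERA-000x` asset tags and the reading that one single session of at least fifteen minutes is required (short sessions do not add up) are assumptions made for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)            # "at least once per week (meaning every seven days)"
MIN_SESSION = timedelta(minutes=15)   # "for a minimum of fifteen minutes"

# Constructed sample log (hypothetical format): asset tag, connect time, disconnect time.
SAMPLE_SESSIONS = """\
ERA-0001,2024-03-04T21:10:00,2024-03-04T21:40:00
ERA-0002,2024-03-05T09:00:00,2024-03-05T09:06:00
ERA-0002,2024-03-06T09:00:00,2024-03-06T09:08:00
ERA-0003,2024-02-20T10:00:00,2024-02-20T12:00:00
ERA-0005,2024-03-07T08:00:00,
"""

def parse_sessions(text):
    """Yield (asset, start, end); end is None for a session that is still open."""
    for line in text.splitlines():
        if not line.strip():
            continue
        asset, start, end = (field.strip() for field in line.split(","))
        yield (asset, datetime.fromisoformat(start),
               datetime.fromisoformat(end) if end else None)

def audit(inventory, sessions, now, on_leave=()):
    """Return {asset: "ok" | "exempt-leave" | "overdue"} for every inventoried laptop."""
    cutoff = now - WINDOW
    compliant = set()
    for asset, start, end in sessions:
        end = min(end or now, now)     # an open session counts up to the audit time
        start = max(start, cutoff)     # only connected time inside the window counts
        if end - start >= MIN_SESSION:
            compliant.add(asset)
    status = {}
    for asset in inventory:            # laptops with no sessions at all are still reported
        if asset in compliant:
            status[asset] = "ok"
        elif asset in on_leave:        # "unless on leave from the office"
            status[asset] = "exempt-leave"
        else:
            status[asset] = "overdue"
    return status

def run_sample():
    inventory = ["ERA-0001", "ERA-0002", "ERA-0003", "ERA-0004", "ERA-0005"]
    now = datetime(2024, 3, 8, 12, 0, 0)   # constructed audit time
    return audit(inventory, parse_sessions(SAMPLE_SESSIONS), now, on_leave={"ERA-0003"})
```

Driving the report from the asset inventory rather than from the log is what surfaces a laptop that has never connected, which is the asset-verification purpose the policy names.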
Q: Summing up: What is the best laptop security advice you can offer to other telework program coordinators?
A: Consider the risks associated with having a dispersed, at-home workforce and ensure that extensive telework training is in effect for teleworkers and managers. In addition, managers and teleworkers alike should receive education and be knowledgeable regarding their agency's information technology policies. The best laptop security advice, though, is to put in place the very specific security policies mentioned earlier. They will enable you to create an environment that ensures a secure connection.