In the world of public-sector IT, data loss is a serious concern. Budgets are also a hot topic, and telework has emerged as a powerful way to trim IT budgets and increase worker productivity. But as all IT workers know, security and remote work don’t always mix.
The following story, as reported by The Tennessean, is sure to make IT leaders shudder:
A state employee who resigned last week told investigators that he downloaded data on 6,300 Nashville teachers so he could work from home, despite having been warned to keep his computer secure.
Steven T. Hunter, a 24-year-old former information technology worker for the state Department of Treasury, told the Tennessee Bureau of Investigation that he emailed information from a state computer system using a personal account “to perform his duties at home,” TBI spokeswoman Kristin Helm said Monday.
The Department of Treasury and the TBI announced over the weekend that Hunter had illegally uploaded a Tennessee Consolidated Retirement System file containing Social Security numbers, full names and dates of birth on active Metro Nashville teachers from a work email to a personal email address before leaving state government.
Regardless of his intention — which was under investigation at the time of this article — Hunter’s plan to simply email data to himself so he could work at home is a common work-around. When IT departments don’t educate employees on policy and empower them with the right tools, workers can go rogue — sometimes by accident.
To the dismay of state officials, the investigation of Hunter’s home computer uncovered evidence that he had searched for ways to sell Social Security numbers online, according to another article in The Tennessean. While it appears Hunter never actually transmitted the data, he was arrested and charged with identity-theft trafficking, which is a felony in Tennessee.
The issue comprises a number of trending IT topics, including mobile security, BYOD, telework and data theft. In today’s dynamic IT environments, it can be difficult for small agencies to address all of the potential risks to their data.
Download our free Securing BYOD reference guide to begin the process of locking down your data.