Spoutin' Off: At work, don't do virus' job
By Michael E. Rau
June 12, 2006
First off, if you're reading this column - Thanks!
However, if you're reading it online at work, I just have to ask - Is it OK with you're employer that you're doing so?
I ask this because I don't want you to get in any sort of trouble on my account, but also because personal Internet activity in the workplace is the topic of several recent studies. The facts revealed by these should make you think about your online activity at work.
So maybe youre someone who respects your employer enough to refrain from using company time to engage in personal activity. Even if you only check your email or look at Websites during your break, you still could be putting your companys network at terrible risk much worse than you might experience yourself on your home computer.
One study, released by an Internet security firm called Websense, says that 17% of respondents admitted visiting a site with pornography or other adult content while at work, even though 46% of those felt they were placing their jobs at risk by doing so.
Say what? Jeepers, folks Cant you at least wait until you get home?
On top of that, 24% said they watched streaming media at work (fortunately, I get paid to do that), 17 % had used IM at least once a week, and 18% had downloaded and stored personal multimedia on their work computers.
On average, employees spent two hours per week online engaged in personal activity. Whether or not your employer is concerned with this loss of productivity from their workforce is up to them. Im more concerned with a bigger fish to fry.
Weve discussed the evils of malware within this column on many occasions, and hopefully, youve heeded some of the advice in terms of dealing with the virtual unknown. But we all know that there are still millions of Web users who remain oblivious to security risks online, and thus contribute to making the Internet experience a less enjoyable one for the rest of us.
So consider this: The viruses or worms or keystroke loggers or other pieces of electronic detritus you might download onto your personal system are spread exponentially when loosed within a network such as is typical within a contemporary corporate infrastructure. The amount of damage you can do by downloading malware onto a corporate network is staggering.
If you think a computer-savvy workforce should preclude such risk, consider these numbers from the survey:
Almost 20% of companies polled said that someone within their organization had launched a hacking tool or keystroke logger within their networks. As previously expressed here, keystroke loggers are among the most insidious hacking tools out there as they literally record every keystroke, and then send that record to a preprogrammed IP, thus giving the recipient every single scrap of data entered on your companys network.
Additionally, 80% of companies surveyed said that they had employees receive phishing attacks either through email or an instant message, and that of those who had received such, almost half of them clicked through to the link indicated.
Id hate to think this, but I wonder: Are people as concerned with Internet security at work as at home? Do they assume that their work computer is secure and thus would ward off any possibly damaging attack? Do they care less about the security of their work computer and thus are willing to take risks there which they wouldnt otherwise?
50% of respondents said theyd rather give up their coffee break than lose their ability to Web surf while at work. But if companies cant trust their employees to use their networks responsibly, what choice do they have but to restrict access or cut their employees off entirely?
Some employers are now going so far as to threaten termination for unauthorized online activity not so much because of the productivity issue as the security issue.
Theres one other point to make in relationship to this problem: A study conducted for Internet security firm ProofPoint found that 1 in 3 companies have terminated an employee in the past year for violating their information-security policies, and half of those surveyed had disciplined an employee for the same reason. And 1 in 3 companies surveyed said theyd investigated an employee within the past year for suspicion of leaking confidential or proprietary information.
The same study said that 1 in 3 companies are now employing individuals or outside firms to monitor their workers outgoing email. Other companies are using sophisticated software to scan and monitor workstations for illegal downloads, unlicensed software, and unauthorized content.
Is this fair? Absolutely!
This isnt brain surgery Its not your computer, its not your network, and its not your data. What in the world would make anyone think they have the right to treat it like it is?
If you want to send me an email about this column, please wait until you get home Or at least make sure you violate no company policies by doing so.
Michael Rau is a mass-communications consultant in Virginia Beach. To send feedback or view past columns, visit http://dailypress.asoundidea.com.
Copyright © 2006, Daily Press