When it comes to IT security, your company's biggest threat is likely on your payroll-employees who forget to log off from password-protected databases or who lose flashdrives with confidential information, for example.
Or, as Ralph DeFrangesco wrote, employees who use the "I forgot" software downloading plan:
"Every time I have had to talk to an employee about downloading unapproved software, I hear, "Oh, I forgot." Every policy I have read has said something about not loading unapproved software. But, most employees consider this to mean only software that they download from the Web. This also includes an employee's personal software and any beta software."
What employees are putting on their computers without permission is a growing problem. ScanSafe has released a report that shows a 55 percent increase in illegal MP3 and software download attempts over the last three months on corporate networks.
"Employees mistakenly assume they can use the Internet at work in exactly the same way as they use it at home and this is potentially one of the reasons for this steady increase in illegal download attempts over recent months," said Spencer Parker, director of product management at ScanSafe. "Inappropriate Internet use in the workplace can put the employer at risk for legal liabilities. Downloading illegal content is a double whammy' for employers as not only does it put them at risk legally but it also puts the company network at risk of being infected with malware. A large majority of free illegal downloading websites are often riddled with malware."
More proof that the enterprise needs to be proactive with computer use, including firm Internet policies and implementing security solutions that completely block employees from accessing illegal Web sites, while ensuring corporate network is protected from malware at an affordable and predictable cost.
Policies available for download in the Knowledge Network can give your company a headstart on gaining control over these risks. For instance, see Indiana University's Appropriate Use of Information Technology Resources Policy, and then the university's Misuse and Abuse of Information Technology Resources Policy.