Employees Using Company Internet for Private Reasons Can be Risky

Computer systems, connected to the local network and the World Wide Web have become ubiquitous in all organizations. Just as chicken pox is a contagious disease in a class of 7 year olds, security problems in one PC can infect and affect all the PCs on the network.

IT analysis company IDC has lately released a survey giving some frightening results. It says that during 2005, almost 40 percent of companies suffered malicious software or malware through computer virus or worm whose main source was no longer e-mails but surfing the Internet.

The participants of the survey were some 200 Danish companies. The survey was conducted on behalf of software company, Danware. The IDC survey reflects a picture of great faith between the Danish companies and their employees. This, however, implies that they are exposed to risk of Internet threats.

Even though two-third of the companies in the survey had brought to force IT policies, most of them permitted their staff to use company Internet for private purposes. This could result in risk of lost productivity, legal liability, and malware download from the Net, added with risk of breach of confidentiality. It not only could lead to disclosure of users' identity but also cause financial or legal damage to the company without even knowing it was happening.

Surfing at home using the company's Internet connection is a risk factor often overlooked. In an instance demonstrating this, users of a poker website got a so-called Trojan horse when they downloaded a 'help program' from that site. The program allowed the opportunity to transfer files to the PC and execute them. This can result in unlimited damage for a company if those behind the malware intentionally do the damage to the company.

Companies are advised to do a lot to follow the content of the agreements in their IT policies. Management can use several monitoring tools available to get an assessment of the time spent and surfing activities of their staff that does not require direct monitoring of the actions of the individual employee.

Related article: Employees Pose Internal Risk in European Businesses

» SPAMfighter News - 9/22/2006