Feature: Dangerous employees

Annie Hayes

Sift

Editor

Feature: Dangerous employees

By Annie Hayes

A click here and a submit there can get employers and their organisations in serious hot water; Chris Minchin membership manager at FAST Corporate Services highlights the risks associated with PC misuse.

Getting the right policies and procedures in place is key if employers are going to protect themselves from some liberal surfing and dangerous downloading.

These fictional characters illustrate the problem:

Harry in human resources: Harry is an avid computer games player and downloads a game from the Internet by simply clicking on ‘I agree’ without reading the licence agreement.
Outcome: It is the company director that is responsible for any breach of the licensing terms that he has accepted, resulting in a fine or even jail sentence.

Flo the finance controller: It is Flo’s boyfriend’s birthday and she downloads some music to burn on to a CD for him.
Outcome: While downloading music files, Flo has unwittingly put the organisation at risk as the peer-to-peer file sharing application has planted spyware on the PC, releasing confidential company information into the public domain.

Mable the marketing manager: Mable is working on a presentation for a client and orders a design package to complete the finishing touches to her work.
Outcome: The company pays double what it should have as its web designer already has a licence agreement that gives two users the right to use the software concurrently.

Prunella the PA: Pru is searching the Internet for a new company mobile phone and orders it online.
Outcome: Pru has unwittingly given the company details and bank information to a fraud becoming a victim of ID theft.

Larry the legal eagle: Larry buys the latest update of his office software. He is very computer literate so throws the box and documents away, as he knows exactly how it works.
Outcome: Larry has thrown away the paper licence agreement and all proof of purchase.

Sid the security guard: Sid has downloaded a Kylie screensaver and copied it for his colleague.
Outcome: A screensaver is copyrighted material and should therefore be treated in the same way. In this case the licence states it is not to be copied under any circumstances.

Sandra in sales: Sandra takes her laptop home and uses her own USB flash drive and software to transfer photographs from her personal PC to the laptop.
Outcome: The files she transferred included a virus which could get onto the company network, presenting a security risk. In addition, the laptop could be missed from the network audit and therefore any illegal software is unrecognised unless the business conducts a manual as well as an electronic audit.

Reducing the risks
Although these examples sound extreme, they are common place in many organisations. FAST Corporate Services recommends that directors invest the time to understand these issues and support the development or updating of current IT policies and procedures, to avoid facing any legal action resulting from the misuse of corporate IT assets and software.

HR plays a very important role in this, working with the IT and finance departments to ensure that company IT policies are accompanied by clear procedures throughout. These should be reinforced by disciplinary processes to ensure that policies and procedures are adhered to throughout the business.

In addition businesses should carry out an IT audit to assess software use and licence compliance and identify any IT hardware that could pose a security threat. This should be done through an electronic audit as well as a ‘walk-around’.

Most company directors are unaware that the responsibility of ensuring company software is licensed lies with the director(s) of the business. As publishers crack down on software piracy, businesses would do well to remember that ignorance is no defence in a court of law.

Many software publishers allow invoices to be used as proof of licence purchase, so it is worth reconciling audited software to invoice numbers as well as licence numbers as a backup. Organisations are often able to identify cost savings at this stage, as they discover licences that are not being used and can be re-allocated, rather than having to buy additional licences.

Employees invariably spend many hours at their workstations and often treat their computer as their own property. Today most computer users are extremely proficient and unless employees know what is acceptable they will not know that they are doing anything wrong.

It is important for a director to be aware of new technologies and the threats they could bring, including spyware, instant messaging, flash drives, phishing and identity theft. The business can then take the necessary precautions before an employee unwittingly puts the business at risk.