Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Infosec: Illicit images in the workplace

Don't underestimate the power of porn to cause trouble.

Article comments

Controlling the abuse of illegal and inappropriate images in the workplace is an increasingly important part of managing risk for an organisation. Inappropriate use of company computer resources for pornography can lead to a host of problems, including lost productivity, viruses, serious business interruption and civil or criminal lawsuits. But with the a proliferation of plug-and-play storage devices such as MP3 players, USB keys, high speed connectivity and unmonitored out-of-office network activity is it possible to eliminate the risk?

What are the risks?
UK legislation is clear; company directors and the managers they appoint can be held personally liable if negligence is found in the management of data and images on company computers. Prosecution can be carried out under legislation including Child Trafficking and Pornography Acts, Sexual Offences Acts, Obscene Publications Acts and Civil and Human Rights Acts.

Reputational risk is hard to quantify, but if a company is found to have allowed illegal pornography on to its computers, or is sued for sexual harassment it can have serious and long-lasting financial repercussions. Corporate social responsibility requires protecting employees, creating an environment in which employees feel comfortable working and being a responsible part of the business community.

“It doesn’t happen here!”
Don’t fool yourself! According to a recent survey conducted by independent research firm Delta Consulting, 40% of US firms have disciplined staff over image abuse in the previous 12 months. In a UK survey carried out by the CIPD the figure was over 70%.

Results of a recent survey of 400 public sector organisations by the public spending watchdog the Audit Commission, found a 16% increase in cases of staff accessing pornography and that inappropriate material now accounts for almost half of all incidents of computer misuse.

Protection
With the risk of a prison sentence, civil suit or adverse publicity it is surprising that many organisations do little more than install URL blocking systems and think they are covered. According to the Internet Watch Foundation over 20,000 new porn pages are published each day making the prospect of blocking all pornographic websites at the internet gateway next to impossible.

Images infiltrate desktops and corporate networks through many other entry points including CDs/DVDs, USB keys, MP3 players, mobile phones and digital cameras.

Reducing the risk
Organisations can adopt a four step risk assessment methodology to identity and mitigate threats posed by illicit images on corporate PCs.

Step 1: Review - corporate legal and HR policies to gauge loopholes for employee abuse. Ensure:
Clarity in terms of what is acceptable and specifically what is not acceptable;
Policies embrace all possible data entry points for illicit images;
Procedures deal effectively with the discovery of illegal or inappropriate images.

Step 2: Assess - the quantity and severity of illicit images on a company’s network. Software tools are available to assess and report on the state of company resources.

Step 4: Communicate - to all staff, ensuring employees understand new policies and procedures and the repercussions if disregarded.

Step 5: Enforce - an enterprise wide process using monitoring and auditing tools to provide ongoing detection reporting and case management.

Regular audits are essential to track the overall situation and to review compliance with policy. On high risk computers, such as laptops or open access internet PCs, ‘always-on’ monitoring is a more effective strategy.

Conclusion
Clearly it is time for organisations to take action. Policy definition and enforcement, auditing and monitoring at the desktop is the only sure way of dealing with and ultimately putting a stop to an activity which carries a considerable business risk.

PixAlert is exhibiting at Infosecurity Europe 2006.


Share:

More from Techworld

More relevant IT news

Comments




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *