Naughty Employees Threaten IT Security
IT security firm 8e6 Technologies, based in Orange, CA, reported that
employee use of the enterprise's Internet presents a threat and
challenge to corporate entities in 2007. An 8e6 Technologies
study revealed an increasing number of corporate employees are abusing
the Internet for personal gain and putting their organizations at risk
of legal liability.
“The increased incidence of employee Internet abuse is continuing to
cause widespread IT and legal hurdles for many organizations,” said
Eric Lundbohm, vice president of marketing for 8e6. “Without a proper
'acceptable use policy' and effective monitoring tools in place,
organizations will continue to see extensive abuse from some of their
most trusted assets – their employees.”
Pornography remains a top concern, both in download and production (the
survey found employees uploading pornography from work to share online
and live sex shows performed by male employees from the office space).
Employees were also downloading "a huge amount" of prohibited content
such as videos, MP3 files and movies.
"Based upon the responses from over 500 participants, music and movie
downloads were a common problem for network security professionals,
posing significant legal consequences for organizations. Hosted
websites within a company’s network and users setting up wireless
access points were among the most common infractions of Internet
acceptable usage policies cited in the survey. Not surprisingly,
however, many of the respondents cited porn searches as one of the most
frequent abuses of the Internet," 8e6 concluded.
According to the survey, phishing and spam-related breaches grew 38
percent from a similar survey mid-year 2006 by Interop Las Vegas. In
addition, a 17 percent increase in bandwidth consumption resulting from
employee time spent on personal e-commerce and personal finance
activities was among the other serious infractions noted by the
participants of the survey. The results also showed a 67 percent
increase in the number of respondents who stressed the importance of
investing in a real-time monitoring and remediation tool that displays
an enterprise’s current security threat level in order to successfully
manage the most urgent security breaches as they occur.
One in eight respondents told 8e6 they wanted to incorporate laptop
filtering to ensure consistent Internet Acceptable Usage Policies
across all computers, regardless of whether they are operating inside
or outside the company’s network.
Nearly half of the respondents are faced with the challenge of
incorporating Internet filtering and reporting as part of their
company’s overall compliance program and Sarbanes-Oxley audit
preparation. This number is up 10 percent from the same survey
conducted six months earlier at the Interop Las Vegas conference.
Almost a third of respondents see web filtering as critical to blocking
inappropriate content such as MySpace and Facebook, among other social
“We’re moving into a new age of data security threats and the tools
which organizations use to manage these threats must become more
sophisticated to address the growing security concerns organizations
have today,” said Paul Myer, president and COO of 8e6 Technologies.
“8e6 Technologies continues to evolve in order to meet these challenges
as a growing number of companies begin to see the real value in
protecting both their intellectual property and their ability to
conduct business without concern over whether or not rogue employees
are compromising core values.”
Also indirectly at play is the growing use of office broadband for
sharing personal financial data, which can lead to identity theft.
Kroll's Fraud Solutions practice COO Troy Allen said, “More has changed
in the world of data protection and identity theft over the past year
than in the prior six or seven years combined.”
Allen attributes the spike in reported data breaches to more use of
electronic data in day-to-day business, increasingly cheaper data
storage options, proliferation of laptop computers and portable memory
drives, and insufficient development and enforcement of comprehensive
policies and procedures by businesses. As more organizations now
recognize the different forms data breaches take, there is greater
recognition and response activity.
Kroll said four key trends would emerge in 2007:
1. Corporate Preparedness Focus
– Companies and organizations will increasingly designate individuals
or cross-functional teams with responsibility for proactive data
security and breach response, and conduct greater employee education
2. Down with Downloads – More
organizations will implement policies and practices placing
restrictions on computers and data devices, such as USB flash drives. This
will include companies disabling capabilities to download information
“Portable memory and CD downloads are conveniences, not necessities,”
said Allen. Employers will begin insisting that more information
exchange takes place via secure online transfer.
3. Social Engineering Crimes –
Criminals are looking for more efficient ways to get larger amounts of
data. One scheme that is gathering momentum is bribing employees or
actually planting employees who get hired with the sole intention of
staying only long enough to steal records. Sadly, the criminals are
tough to catch because they get these jobs using stolen identities.
Increased employee background screening will be essential.
4. Standards for ID Theft Services
– Consumers and businesses need help determining what companies are
reputable and trustworthy. In the absence of any federal regulation,
there is growing momentum among responsible service providers and
consumer advocates for self-regulation of this industry through best
practices governing how services are marketed and what business
“It’s in everyone’s interest to get this under control,” said Allen.
“People should be able to trust the organizations they are turning
to for help.”
Kroll is a wholly-owned subsidiary of Marsh & McLennan Companies