This week, news emerged about a government agency being infected with malware because one of its employees apparently liked to watch porn on his work computer. This is a classic case of an organization not putting safeguards in place that could have prevented this from happening.
The employee in question reportedly visited thousands of porn sites, even going so far as to download images onto an unauthorized thumb drive. This is the nightmare of any IT administrator out there. The good news is that this agency didn’t maintain any classified information, but the fact is that the guy shouldn’t have been able to access unauthorized sites like this in the first place.
The Inspector General, who wrote a report on the incident, had some rather obvious recommendations. For starters, he recommended “a strong blacklist policy.” He also recommended regularly checking the web history of employees’ computers to make sure they aren’t visiting websites that could put the agency at risk again.
It’s advice that every company, regardless of size, should heed. While you would like to think that employees at small companies are more invested in the mission, that doesn’t mean they aren’t doing foolish things on your computers.
Don’t blame the user
As we’ve said before, it’s easy to blame the user, and in this case he certainly shares some of the responsibility. But it’s fairly trivial to put a web filter on your network that prevents employees from accessing sites that could end up infecting it.
In cases like this one, it’s up to you to protect the company from rogue employees and the employees from themselves. This isn’t about spying; it’s about protecting your valuable business assets and making sure your company isn’t vulnerable because one of your employees was trawling a questionable website and downloaded files infected with malware.
You should also consider some basic training to lay the groundwork for what’s acceptable at work. While it might seem like common sense, and it often is, people don’t always behave sensibly. That said, you also have to be careful of being overly rigid when writing the rules of what’s acceptable. For example, some companies have blocked social media when the fact is a lot of business gets conducted on these sites.
In the end, it’s your business and you need to ensure that it’s safe. If you’re allowing employees to explore the internet without any kind of filtering tools, you’re leaving yourself vulnerable to a host of malware. While you can blame the employees for not being smart about the sites they visit, in the end it all comes down to you putting the tools and training in place to keep them away from those sites.