Pages

Mar 10, 2008

Portable devices can prove to be security hazards

Published on Wednesday, Mar 05, 2008
It is said that the proliferating use of technology is making life simpler by the day. But there are two sides to every coin – and if you don’t believe that, just ask hapless employers about their growing ‘wireless worries’!
Well, today’s information age is witnessing a meteoric use of digital and electronic devices in the workplace and beyond.
But, the ubiquitous technological clutter of laptops, mobile phones, Blackberries, palm pilots, webcams, flash drives and iPods is also a disaster in the making. While the convenience of communication, training and data storage or transfer goes unchallenged; the inherent usefulness quickly evaporates under a cloud of potential threats.
The enemy within
The danger of misuse and abuse of both company-provided and personal electronic devices is staring employers in the face. It can range from lost productivity, leaked/corrupted data and crippled networks to public embarrassment and legal problems.
For instance, any employee can enter the office, take a small gadget (cell phone, PDA or even iPod) from his pocket and connect to the company database through USB or firewall connections. In a matter of seconds, he can funnel huge amounts of confidential information and files and walk off undetected.
Experts have even coined the term ‘pod slurping’ for such illicit activities done through portable storage devices.
Employees can also upload viruses and malicious programmes from their own devices or use the company network to illegally copy company-provided software and download pirated items – all at significant peril to the organisation.
In fact, a recent study conveys that a shocking 70 per cent of unauthorised access to information systems comes from employees.
Apart from the security threats of viruses, electronic eavesdropping and loss of intellectual property or trade secrets, portable electronics are inherently susceptible to theft, which can again compromise sensitive data and proprietary information.
Then again, anyone can surreptitiously click privacy-invasive pictures of co-workers/managers or photograph confidential documents with digi cams/camera phones and even post them to a website or send them to others over an Internet-enabled mobile right away.
The ensuing lawsuits for privacy violations are another story. The increasingly small size of these hi-tech gadgets makes them easy to carry in unnoticed.
In addition, obnoxious cell phone call alerts, disturbingly loud conversations, distracting loud music on digital media players and difficulty to communicate with workers wearing headphones may seem trivial, but still cannot be neglected.
And, while misuse of electronic gadgets in company premises itself is difficult to control, preventing the same when employees are offsite is virtually impossible.
Scraping up a solution
There are no two ways about it – there is a job-related need for portable electronics, even the transferable data storage radically adds to worker productivity.
The organisation may be at risk for employees’ wrong actions, but completely blocking employee access to company systems or preventing them from bringing their own devices to work is not feasible either. Such unfriendly acts will alienate the workforce and wreck their morale.
Yet, employers have to ensure that all devices are used for their intended purpose sans any abuse, in order to protect the rights of both the organisation and the workforce.
They also have the prerogative to control what items employees bring to work in addition to what is done with facilities and resources that is used by employees.
Following this, companies should draft thoughtfully detailed policies regarding the use of both company-owned and employee-owned electronic equipments within and outside the workplace.
Signing the HR policy can also be made a condition for employment. A comprehensive policy can include:
• Requiring physical searches of employees and their belongings in which portable devices may be found.
• Submitting to electronic security gates and other machines for checks and analysis.
• Possibility of telephone monitoring or video surveillance.
• Inspecting unauthorised or personal computing/imaging devices and other media at random and analysing the data, files and pictures stored therein.
• Right to monitor computer usage at all times for compliance with the policy and withdraw access to Internet, email or company databases if needed.
• Installing technological barriers to maintain total control over data transfer for protecting information.
• Requiring employees to keep their cell phones on vibrator or silent mode and not taking any personal calls except in emergencies.
• Where music systems are allowed for personal listening, address related issues like where and when the devices can be used and acceptable level of audibility.
• Inform employees about the disciplinary actions consequent to misuse of technology, whether intentional or otherwise. It can even extend to immediate termination for cases like sabotage or espionage.
• Remind them that not only job loss, but also civil liability and criminal prosecution may result from certain violations.
Policies regarding the use of portable data devices face multiple obstacles and organisations have never been less secure.
So, apart from providing clear guidance regarding company expectations, educating employees on ethical conduct, vigilance and proper use of electronic devices work better than draconian rules ever can.
PAYAL CHANANIA

No comments:

Post a Comment