Posted by admin on October 4, 2008 · Leave a Comment
Often I am in the position of being the “bad guy” at most of our clients. Case in point, we installed a firewall and web filtering for an office this week. They had been hit pretty hard by some malware a month or so ago due to some improper computer use by one or more employees. Like so many small offices, this one has no Acceptable Use Policy, they go on trust, and (until we took them on) they were not having regular checks and maintenance performed on their machines by a qualified professional. Of course, when I do something like this or advise a business owner what steps they should be taking to protect their office, user’s often get mad at me. It doesn’t really bother me, users don’t send me checks and users are not who I am there to protect-businesses are. Unfortunately, most end-users do not understand the ramifications of what they do, nor do they care.
These days the lines between work on the office computer and the home computer-for many user’s-is becoming blurred. Worse yet, the line is being completely ignored by some users. According to some recent data, more than half of users in a business environment have changed settings on their work machines to allow more liberal access to the things they want to access, in particular on the Internet. 35% felt it was not the companies business what they were doing. (see:
http://www.darkreading.com/document.asp?doc_id=164974&f_src=drdaily) Unfortunately, it IS the companies business and more over it is the companies responsibility to protect their interests. (read “data” and “confidential information”) I’m pretty sure these same employees would be extremely upset if they found out the company let THEIR personal information out on the Internet. This is what those users are exposing to the Internet-someone else’s confidential information! By failing to take proper precautions in securing office machines and the network, companies everywhere could be at risk for exposing other peoples private information and/or their OWN information to people who can (and will) sell or otherwise use that information for nefarious purposes.
Another case in point-I was reading an article the other day where the writer was talking of someone impersonating them on the Internet and leaving inflammatory comments on various web sites. This particular user tracked the rouge person back to their place of work by getting the IP address that was left behind every time this rouge person left a comment somewhere. I hope the rouge users place of work realizes THEY are responsible for everything this user did while using the corporate network. This is just one more glaring example of why companies MUST protect their own interests. Users should not be allowed-to the extent possible-to do any personal email, or web browsing, or downloading or-you get the point. If your users do something illegal or untoward there is not only a possibility, but a strong likelihood that it can (and will) be tracked back to you.
Finally, the cost involved in cleaning up from a malware or virus infestation is not cheap. There are cases where the machine simply cannot be wiped out and every effort must be made to restore it to it’s original condition. Had the office we took on the other day installed the firewall and web filtering some time ago, they could have used that $300 to put toward the purchase of the firewall to start with. In the long run, it will always cost more to clean up problems than it would have to just protect against them from the beginning.
; ?>)
