Tuesday, October 8, 2024

Employees Abusing Network Space Cause Legal Woes

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Do you know what’s sitting on your network?

Probably not, according to storage and security experts.

Any IT manager who thinks his network is holding nothing but customer records, financials

and billing information is really out of touch, say industry watchers. In actuality, the

average network just may be holding more emails from sweethearts, more recipes from Mom,

more copies of the last Star Wars movie and more clips of the latest J-Lo single than any

records supporting your business.

That means it’s probably way past time for a little spring cleaning.

Corporate data storage is being wasted and misused, says Nick Carr, a technology consultant

and author of the article ‘IT Doesn’t Matter’, which recent appeared in the Harvard Business

Review. Companies’ data storage is being wasted on stockpiling employees’ personal emails,

information about their latest e-Bay buys, MP3s and movie clips. He claims that typically 70

percent of storage capacity on any given Windows network is being misused.

Carr says this misused storage space is just one way companies are wasting money.

Keith Rhodes, chief technologist at the U.S. General Accounting Office, says employees are

wasting corporate storage space without giving it a second thought, leaving companies open

to not only running low on disk space but vulnerable to worms and viruses, as well.

”When we go in and test systems, we find there’s an awful lot of garbage, says Rhodes,

whose job is to test the network security at 24 different government agencies and

departments. ”People are starting to forget that the tool they’re using at work belongs to

the company, and they’re looking at it as their own personal space… People don’t seem to

make a distinction between work and personal, so it’s all disheveled and disorganized.”

Rhodes notes that disk space isn’t very expensive these days, but it doesn’t grow by itself.

Employees are needlessly putting a load on their corporate networks.

”People are looking to download the Matrix, and then you get some big Windows Media files,

and then a four-minute music video,” adds Rhodes. ”How many of these things are you going

to have, before there’s a problem?”

And forget about having to buy and install extra storage space so the people in the billing

department can save copies of their favorite email jokes and pictures of their family

vacation. The bigger problem could be a lawsuit or criminal liability.

Robert Gray, research vice president of storage systems at analyst firm IDC, says employees

hiding away MP3 files or copies of their resume is one thing. Hiding pornography or other

files that could lead to a sexual harassment charge or even a criminal complaint is

something all together more serious.

”When you get into all this stuff about harassment and pornography, they bring up a lot of

legal issues,” says Gray. ”Employees in the U.S. don’t comprehend that all the material on

that computer is basically the property of the employer. They don’t have the legal rights

they think they do.”

Having pornography on the network could add to the creation of a sexually charged workplace,

which could not only make employees uncomfortable but could lead to a sexual harassment

charge.
A similar, but more serous threat, is having child pornography on the network. And security

experts say it’s far more common than most IT managers would ever imagine. Many in the

security industry say child pornography — explicit images and text dealing with underage

children — is hidden on virtually ever large corporate network.

And having that on a corporate network causes a litany of legal issues — from creating a

hostile work environment to criminal liability for not only the person who put it on the

network, but for the company, as well.

Security and law enforcement experts have differing opinions on whether or not a company is

held liable for illegal content sitting on its network. Some say if company executives don’t

know it’s there, they’re not responsible for it. Others disagree. Most say IT managers need

to go looking for it. And all of them agree that once it’s found, it needs to be reported to

police.

Charles Kolodgy, a research manager with IDC, says IT administrators need to check their

systems for illegal content regularly — to both have control over their networks and to

eliminate and report illegal activity. Kolodgy notes that a lot of administrators check for

and wipe out MP3 files when they’re doing backups. They also should be checking for any

anomalies, such as the passing of data files outside the network, that would hint that

something is going on that shouldn’t be.

All the analysts agree that the best way to head the problem off is to create a policy that

restricts corporate Internet usage for anything but strictly business purposes. Users should

have no expectations of privacy when using company equipment and services.

Analysts further warn that IT administrators need to not only create the policy, but they

need to make sure that every employee knows about it and agrees to it. They suggest giving

workers periodic reminders and having a pop-up window that appears when a computer is booted

up. The window will show the corporate policy and by clicking on it, employees acknowledge

it and agree to it.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles