Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Costly Cyberslacking

Google may have been onto something more than free R&D when it decided to allow employees to have one day per week of time where they could work on their own projects, if recent research being reported on is anything to go by.

If people are spending up to 20% of their time engaged in non-work activity (as the article asserts), then not only is this a costly issue for employers but it can introduce Information Security problems if much of that time and activity is directed at the Internet and computer-based diversions. While this most recent research is not really different from any number of previous reports about employees slacking off at work (smoko breaks, management by walking around, etc.), this particular report focusses on the use of computer-based diversions.

Bored and motivated employees who are looking to surf to web forums, personal sites, and other non-work related Internet content are more than likely exposing their company networks to risk of infection by the various nasty malware that can be encountered across the Internet (or have already compromised their work networks). Other activities, including personal webmail, using company email for personal purposes, installing non-approved software, and the use of Instant Messaging software can introduce similar risks to networks.

Some companies and workplaces take the approach that anything not explicitly approved is not permitted, and completely prevent this sort of activity from taking place (though the bored motivated individual will still find a way around it, even if it is as simple as Excel Gaming). Others either ignore the problem or know nothing about it, and so have no restrictions on personal activity.

Probably the smartest approach is being taken by the companies that acknowledge that their employees will spend some of their time on personal activities and Internet usage, so have introduced moderate controls - primarily to prevent inappropriate and illegal content from being accessed, and have controls in place to separate sensitive company content from inadvertent exposure on the Internet.

Companies need to be aware that this sort of activity is going to happen, irrespective of their efforts to stop it, and need to account for the sort of risks that it could expose their systems and networks to. With careful and well-thought out approaches employers and employees can both be kept safe and happy.

Of course, reading this article doesn't count as non-work activity.

30 August 2007

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.