Katie Bar The Door

Non-IT employees are bringing technology into the enterprise that can put networks and information at risk.

September 30, 2004

3 Min Read
NetworkComputing logo in a gray background | NetworkComputing

The more technologically sophisticated non-IT employees become, the bigger their potential threat to the enterprise. A little knowledge has always been a dangerous thing, and when it comes to employees and technology, a little technology knowledge can add up to big dangers.

Look at wireless LANs (WLANs), for example. A recent survey revealed that 84 percent of companies that have deployed wireless WLANs have not experienced security problems. But there is an interesting footnote to these findings. The primary drivers for WLAN introduction were the promise of increased productivity and demand from end-users. In other words, employees who have grown accustomed to grabbing e-mail at a coffee-shop hotspot want the same level of convenience at the office.

And therein lies the potential for—and the potential peril of—a cascade of hardware and software that flows, not just through our businesses, but also through our home and private lives.

The technological overlap between cubicle desktop and kitchen table has never been larger. Employees use mobile devices to carry work home, and they often use personal devices and technologies to enhance their business productivity at the office.

As noted, most enterprise WLANs are operating securely. What gives many IT specialists pause is the security of that coffee-shop hotspot or home Wi-Fi network, where exists the possibility of inadvertently revealing sensitive business information and passwords or picking up a virus or worm.In a recent column, Wayne Rash pointed out that a high percentage of worm infections are the result of laptops that acquired the worm at home or from other off-site location and were then brought to the office. The worm bypasses company security by entering the business in the employeeis briefcase.

The solution? Require employees to reboot laptops before attaching to the network. The challenge? Getting employees, accustomed to leaving their laptops always on, to adhere to the policy.

Camera-equipped telephones are another device prompting more than a few security concerns. Camera phones can open enterprise secrets to spies and can expose businesses to unwanted privacy and harassment threats.

The solution? Prohibit employees from bringing camera-equipped phones to work. The challenge? Finding employees willing to leave their phones at home or even in the car.

A little software knowledge can cause problems, as well. Case in point: Instant Messaging. IM entered business by way of commercial, public programs that employees had begun using at home. Using IM at work was as easy as home use, but home use generally doesn't carry the security and privacy, compliance, and liability risks that the programs can pose for business.The solution? Take a look at the IM guidelines recently released by the Federal Deposit Insurance Corp. (FDIC). The guidelines include banning certain programs and increasing 'information security awareness training.' The challenge? Ensuring that employees fully understand the difference between technologies that theyire used to and those that are permitted at work.

The situation is only going to grow more complex, as advanced technologies become more and more accessible and affordable for consumers. This is why forward-looking enterprises are applying a lot of effort to creating, disseminating, and enforcing technology policies that apply to off-site device usage, as well as to at-work usage.

The target of such policies is those employees whoive already got 'a little knowledge.' What they need now is a lot of education.

Read more about:

2004
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights