The Enemy Within


Initially, that may seem a little harsh, as I’m referring to employees of your company. But, as it turns out, your employees can often be a bigger threat than you realise. And, with the advent of Bring Your Own Device (BYOD) it is only getting worse. Given that, as I type this today, the security on the iPhone, for example, is somewhat – ahem – elastic (see ) you may wonder why BYOD is even considered at all in any workplace? In a small to medium business, the likelihood of folk – often those in senior positions – wanting to use their shiny new toy for business is often greater than in a corporate. Conversely, a corporate will often be far better equipped to deal with the proliferation of these devices.

If a user is able to install something on your network, rest assured he or she will at some point. After all, software is “simple to install” right? Not a moment’s thought will be given to compatibility with existing programs, licensing, liability or security.

More commonplace is accidental moving – thanks to the ease of ‘drag and drop’ – or deletion of files, whether by accident or design. The “are you sure” prompt may as well not exist as it is routinely ignored! Just one of the many reasons a backup is so important. You do have a backup don’t you?

Another issue is how your users use their office technology – as a business, you have a legal liability for your employees’ actions and in some cases even a criminal one! These include harassment, liability for acts and omissions and accessing illegal materials. See this link for more details –– it does not make happy reading.

 What can you do?

  • Ensure you have an up to date employment policy which covers your employees’ use of your IT equipment, including email, web browsing, social media use at work – and keep it up to date!
  • Don’t allow your users to install software at all – either restrict users’ accounts or enforce it via policy.
  • Enforce controls on devices used in the office via policies which allow remote disablement of the device should it become lost, stolen or compromised.
  • Educate your users in file management.
  • Monitor or restrict access to the internet – in particular, use a web filter or dns services if you are able