An article in HR Magazine (http://www.hrmagazine.co.uk/channel/news/article/1056208/IT-aware-computers-not-commit-crimes-people/) caught our eye today, pointing out that technology is great, but don’t let staff hide behind it…
“In the modern business era, technology has not only completely infiltrated day-to-day operations, but has also facilitated the transfer of data – allowing employees to work from the office, from home or even in transit. This creates a challenging paradox for organisations that strive to take advantage of the benefits of technology. It empowers them to serve clients on a global basis and more quickly than ever before, while balancing this are the inherent risks associated with the easy movement and transfer of sensitive and invaluable business data.
“For these reasons and more, businesses need to be increasingly savvy about how they will respond, should they be faced with a computer-related incident. Preparedness and proactive prevention are now a must, but to wear a lifejacket is not to say you’ll never fall into the water. Organisations must be well versed and aware of what kinds of incidents they might be at risk of facing. They should display sufficient efforts to proactively prevent incidents occurring within their environment and they must have clear computer incident response planning in place should an incident occur. What’s more, the plans should be routinely reviewed and updated as necessary to ensure that they are applicable to the current business environment.
“A recent study (Kroll Ontrack’s Fourth Annual ESI Trends Report) has shown that on average, UK organisations alone face at least one data breach incident annually. Examples of such incidents range from the accidental loss of data by leaving a company laptop on a train or a BlackBerry in a taxi, through to intentional and malicious theft of intellectual property. Other common cases include computer misuse and/or misuse of the internet. Excessive use of company computers for personal or private use during company hours is also being increasingly recognised as ‘theft of time’.”
So, how do businesses find the right balance between embracing technology and becoming naïve?
“From the outset, organisations should ensure that they have policies in place detailing the acceptable use of company computers and other electronic devices and that these are updated regularly. These policies might include a clause for the use of personal devices where appropriate, such as home computers when working from home. Other methods of restricting the leak of vital data include the use of encryption, making USB ports responsive only to approved devices, or disabling these ports altogether if this does not inhibit the smooth running of the business. Restricting access to particular websites altogether or only allowing access during certain timeframes also helps to counteract internet misuse.
“It is the technology – laptops, smartphones, USB devices to name a few – that allows organisations to work more productively and more flexibly, maintaining more mobility and allowing us to maintain a work/home balance. Yet it is this same technology that puts us increasingly at risk of computer-related incidents. However, ultimately, we must not forget that computers do not commit crimes, people do.”