On a regular basis, I come across computer users who have “self
infected” their computers with viruses, malware (malicious computer
programs), spy ware or some other bad computer program.
Why “self inflicted”?
Well how did their computer become infected? A web advertisement
popped up saying “Your computer is infected with a virus. To clean your
computer click here”. After they’ve clicked on the “warning”, a few
seconds later their computer is infected with a nasty program designed
to a) get them to pay for an anti-virus program that might not even
work b) spy on their keystrokes or worse.
One reason why employers and their IT consultants consider (or
actually do) lock down computers is to prevent lost productivity and
data loss due to virus/malware/hacker attack.
On one hand employers want to give their employees the freedom to
download the tools they feel they need to work – Skype, Windows
Messenger, PDF utilities and etc. On the other hand the legitimate fear
that employees will install a malicious program is exists.
One big hack attack I see are emails that purportedly come from UPS,
FEDEX or some other critical institution in every business
professional’s life. These emails have zip files attached to them and
unsuspecting users open the attachments and get infected.
Data theft by employees should also be of concern to employers.
network security software developer GFI conducted a survey in the UK to
measure the awareness of businesses to internal data loss.
The survey results found that amongst other things, Despite
the higher rates of redundancies and staff dissatisfaction that has
been proven to increase employee-led information theft, only 22% of
respondents believe that of all the security threats, internal ones are
of more cause for concern. Indeed, as many as 50% were ‘not that
concerned’ about the threat of data theft by leaving employees.
When considering your company’s security develop a holistic and all
around solution that can protect you from threats inside and outside of
Locking down your computers does not mean your employee’s
freedom has to be completely removed. What it does mean is that for the
sake of the company, reasonable restrictions, with exceptions, need to
be in place.