Probably not, according to storage and security experts.
Any IT manager who thinks his network is holding nothing but customer records, financials and billing information is really out of touch, say industry watchers. In actuality, the average network just may be holding more emails from sweethearts, more recipes from Mom, more copies of the last Star Wars movie and more clips of the latest J-Lo single than any records supporting your business.
That means it's probably way past time for a little spring cleaning.
Carr says this misused storage space is just one way companies are wasting money.
Keith Rhodes, chief technologist at the U.S. General Accounting Office, says employees are wasting corporate storage space without giving it a second thought, leaving companies not only at risk of running low on disk space but also vulnerable to worms and viruses.
''When we go in and test systems, we find there's an awful lot of garbage,'' says Rhodes, whose job is to test the network security at 24 different government agencies and departments. ''People are starting to forget that the tool they're using at work belongs to the company, and they're looking at it as their own personal space... People don't seem to make a distinction between work and personal, so it's all disheveled and disorganized.''
Rhodes notes that disk space isn't very expensive these days, but it doesn't grow by itself. Employees are needlessly putting a load on their corporate networks.
''People are looking to download the Matrix, and then you get some big Windows Media files, and then a four-minute music video,'' adds Rhodes. ''How many of these things are you going to have, before there's a problem?''
And forget about having to buy and install extra storage space so the people in the billing department can save copies of their favorite email jokes and pictures of their family vacation. The bigger problem could be a lawsuit or criminal liability.
Robert Gray, research vice president of storage systems at analyst firm IDC, says employees hiding away MP3 files or copies of their resume is one thing. Hiding pornography or other files that could lead to a sexual harassment charge or even a criminal complaint is something altogether more serious.
''When you get into all this stuff about harassment and pornography, they bring up a lot of legal issues,'' says Gray. ''Employees in the U.S. don't comprehend that all the material on that computer is basically the property of the employer. They don't have the legal rights they think they do.''
Having pornography on the network could add to the creation of a sexually charged workplace, which could not only make employees uncomfortable but could lead to a sexual harassment charge. A similar but more serious threat is having child pornography on the network. And security experts say it's far more common than most IT managers would ever imagine. Many in the security industry say child pornography -- explicit images and text dealing with underage children -- is hidden on virtually every large corporate network.
And having that on a corporate network causes a litany of legal issues -- from creating a hostile work environment to criminal liability for not only the person who put it on the network, but for the company, as well.
Security and law enforcement experts have differing opinions on whether or not a company is held liable for illegal content sitting on its network. Some say if company executives don't know it's there, they're not responsible for it. Others disagree. Most say IT managers need to go looking for it. And all of them agree that once it's found, it needs to be reported to police.
Charles Kolodgy, a research manager with IDC, says IT administrators need to check their systems for illegal content regularly -- to both have control over their networks and to eliminate and report illegal activity. Kolodgy notes that a lot of administrators check for and wipe out MP3 files when they're doing backups. They also should be checking for any anomalies, such as the passing of data files outside the network, that would hint that something is going on that shouldn't be.
All the analysts agree that the best way to head the problem off is to create a policy that restricts corporate Internet usage for anything but strictly business purposes. Users should have no expectations of privacy when using company equipment and services.
Analysts further warn that IT administrators need to not only create the policy, but they need to make sure that every employee knows about it and agrees to it. They suggest giving workers periodic reminders and having a pop-up window that appears when a computer is booted up. The window will show the corporate policy and by clicking on it, employees acknowledge it and agree to it.