Monday, April 21, 2008

Symantec: Online Security Concerns Growing in the Workplace

I started reading Neil Postman's Technopoly over the weekend in which he presented a  piece from Plato's Phaedrus in which a god named Theuth presented to King Thamus the discovery of letters. Theuth praised his discovery because he said it "will make Egyptians wiser and give them better memories." But Thamus replied

O most ingenious Theuth, the parent or inventor of an art is not always the best judge of the utility or inutility of his own inventions to the users of them. And in this instance, you who are the father of letters, from a paternal love of your own children have been led to attribute to them a quality which they cannot have; for this discovery of yours will create forgetfulness in the learners' souls, because they will not use their memories; they will trust to the external written characters and not remember of themselves. The specific which you have discovered is an aid not to memory, but to reminiscence, and you give your disciples not truth, but only the semblance of truth; they will be hearers of many things and will have learned nothing; they will appear to be omniscient and will generally know nothing; they will be tiresome company, having the show of wisdom without the reality.

Postman presented the piece to note that adoption of any technology, regardless of its potential, is a Faustian bargain in which a sacrifice must be made in return for the power offered by the technology. I offer this up because of the post I read this post on Campus Technology about security concerns surrounding Web 2.0 tools in the workplace.

Symantec has posted a pair of reports that reveal that workers "put themselves at risk whenever they check their MySpace and Facebook pages...all while at the workplace."

Among the key findings in Symantec's "Global Internet Security Threat Report" are some staggering numbers, including the 711,912 new threats discovered in 2007, compared to just 125,243 in 2006. That's an increase of 468 percent.

The report also highlighted several enterprise system weakness trends which are germane to IT pros looking to balance the new work/life spillover in their IT administration space. According to the report, 58 percent of respondent-documented vulnerabilities in the third and fourth quarters of last year affected Web-based software or applications. Of those vulnerabilities, 72 percent were deemed "easily exploitable."

In their second study, Millennial Workforce: IT Risk or Benefit?, Symantec unveils that:

  • 66% of millnnials access Facebook/MySpace during work hours
  • 75% access their personal webmail accounts
  • 46% use IM on the corporate network
  • Less than 45% stick to company-issued devices or software

The report then goes on to call for CIOs to study what devices are being used in their organization, what applications are being downloaded,  and to track movement of data and information. Based on this data they need to quantify and remediate the problem.

The bottom line is that in this age corporations need to be extremely sensitive to protecting its proprietary information as well as the information of its clients. At the same time, the Millennial generation is not going to blindly give up the technology it has grown up with. Corporations want to tap into the innovative spirit of the Millennials, but to do so they need to treat them as equals and not as children that should be seen, but not heard.

Symantec suggests that IT needs to educate its audience. "Use logic to communicate the risk, solution and benefit to your employees. Recognize that coaching the millennial workforce is more effective than educating."

I think that last line is the key. Corporations cannot just promulgate policies and post them as .pdfs on the corporate intranet and accept that as job done. Nor can it produce mind-numbing training sessions that basically rehash the policy. If there is going to be a zero-tolerance attitude toward IT security failures there needs to be greater communication and cooperation in developing and enforcing the policies. Tags:

No comments: