Ensure staff abide by the law of IT
VARs can benefit from businesses' need to avoid the problems the misuse of technology presents in the workplace, writes Bob Tarzey
Avoiding bad publicity, protecting their brand name and maximising customer confidence are all high on the list of worries for businesses when they consider their ability to comply with the various laws and regulations that govern them.
Some businesses pay lip service to regulations and others find ways around them altogether. But most regulations simply have to be complied with, because laws are laws.
For those who have the task of overseeing that businesses are acting in line with rules and regulations, and that the business maintains high standards in its dealing with customers, suppliers and partners, IT just makes the headache worse. And with so many channels of communication open and the mingling of their business and personal activities, companies are more open to risk from the actions of their employees than ever before. When it comes to corporate data risk, the threat from employees is rated more highly than other risks, such as IT systems failure, viruses and other malware or theft.
It is not that all staff are intrinsically bad – most are not – but anyone is open to distractions, whether it be betting on the FIFA World Cup, instant messaging friends, writing personal blogs on animal rights, or adding Wikipedia entries. All of this has an impact on employee productivity, but can also lead to damaging communications with the outside world.
Some staff will set out to deliberately damage their employer, either because they harbour a grudge or see a chance for financial gain. Others do plain stupid things, such as accidentally forwarding confidential information to external parties, or exchanging lewd images with their friends.
Whatever the employees do, accidental or deliberate, and in the name of their employer or not, all of these communications are seen to come from the business and have the potential to harm its reputation and put it in breech of regulations or the law.
Trusting employees is not enough; it is too easy for them to make mistakes. But businesses cannot afford to be stifled by banning employees from using the very tools that are supposed to make businesses open, communicative and productive. The answer has to lie somewhere between the two: having IT systems that allow the actions of employees to be monitored and controlled.
There is nothing new about this. One of the most well-known brands in the computer industry, National Cash Registers, was built on the back of monitoring staff and preventing theft. There are plenty of products available to control employee act-ivity, including the use of email, the web and instant messaging. Because these products monitor the ports on which these activities take place they can be adapted to monitor new and emerging activities as well.
But many businesses are struggling with the basics. Research shows that most businesses do not currently consider that they have a compliance oriented IT architecture that will allow them to achieve this. In fact many think it is unachievable.
Today, few IT vendors have the product portfolio to cover all of the ills that can arise from the misuse of IT. But resellers can assemble a portfolio of products to help their customers create a compliance-oriented architecture and to help those who have the task of preserving the good name of the business to sleep more easily.