Letting family and friends use work-issued devices
It is a fairly common scene: An employee brings a laptop home and later that evening, that person's son or daughter wants to use the device to surf the Web. But can you trust that what they are viewing and downloading is safe?
"I have entered environments where children's games were installed on machines, instant messaging and more," said Jason Hall, president of Stuart Hall Technologies, an Ambler, Pennsylvania-based consultancy. "Something like this can be addressed with local security settings. A user should not be an "administrator" of their machine."
Employees should be clear that the work-issued device is for their use only. And, keep in mind, computers and mobile devices aren't the only place where friends and family can cause problems. DeFrangesco shared a story of a friend with a son in middle school.
"The son was working on a project on his home computer and needed to bring it to school the next day to finish it in class. The father told his son he could have the USB drive in his brief case."
Unfortunately, the son took the wrong USB drive and lost several important documents his father needed for work.
"I know many companies where using USB drives is acceptable and encouraged to the point where they even buy the drives for their employees to use," said DeFrangesco. "I do not recommend or encourage the use of these drives."
If a company does allow employees to use USB drives, make sure the drive has security built in. If the drive does not have security, encrypt the data yourself, said DeFrangesco.
Altering security settings to view Web sites that have been blocked by the company
Cisco in its survey of end users also found more than half have changed the security settings on their company-issued laptop to view restricted Web sites. Those polled said they did so because they wanted to visit it regardless of their company's policy. Another find: 35 percent said it is none of their company's business if they have changed the security settings on their computer.
"I have to admit I have been guilty of this many times," admits DeFrangesco." I do a lot of presentations and frequently need information or graphics for my slides, after gaining the proper permissions of course. However, when I find myself being blocked from a site, I often use a proxy to get around it. A proxy will act as a go between your computer and the site you want to connect to, fooling the filtering software from blocking you."
Both Hall and DeFrangesco point out that organizations can stop some of this activity by adjusting content filtering to block particular sites that allow the bypassing of a firewall or content filter. But, although IT is responsible for locking down these settings, the end-user still needs to be educated, said Hall.
"The end-user has to recognize the risk they pose on the organization and themselves," he said.
Both Hall and DeFrangesco recommend companies train users on proper computer usage and consider having them sign an acceptable use policy every year.