Consider Internet Security (or Insecurity) at the Workplace
Contemporary employees apparently have a troubling disregard for Internet security issues. Or, so sayeth premier high-tech company Cisco after a recent survey. The study found that many employees seek to circumvent employer IT security measures to use personal devices to access social media sites.
Cisco Survey Data and Questions
Author, Jim Duffy, in an article for Network World, made cogent observations and comments relating to a meaningful 2010 Cisco security survey. For example, the survey discovered that 71 percent of the participants believed that “overly strict” corporate security measures “hamper the hiring and retention of employees under the age of 30.” Some observers viewed this result as an indictment of younger employees’ disregard for or misunderstanding of the criticality of network security.
Ramifications are far more potentially damaging should these 20-somethings believe they lost job or promotion opportunities because their current employer deemed them to be security “risks.” The legal issues and possible fallout is most troubling to both employer and employee.
Equally troubling questions emerge from these results:
•Are corporate policies designed to protect company data and communications security at risk from internal employee challenge?
•Does the need for corporate security impinge or restrict U.S constitutional First Amendment (the right to free speech) guarantees?
Since this article is designed for knowledge and informative content, neither legal nor personal opinion is appropriate. Yet, the answers, on a case-by-case basis, remain important.
However, other questions for employees naturally follow:
•How do you feel about this issue as a productive member of the workforce?
•Do your employer’s Internet security policies concern you to the point that you seek new employment? (Interestingly, the Cisco survey indicated that a full 100 percent of employee respondents may be seeking new jobs.)
Unlike many surveys, this data indicates that respondents understand that using unsupported devices and social networking represent potential security risks. Yet, these employees responded with opinions that indicated a need (want?) to defy corporate security policies to employ non-corporate, unsupported devices to access the ‘Net and communicate.
Employee Considerations
Whether you are a 20- or 50-something employee, or anywhere chronologically in between, you should keep Internet security at the top of your to-do or concern list. The ramifications of disregarding this important consideration can forecast dire consequences for individuals and companies alike. Discarding this focus could be very costly for employees, employers, individuals, and the population at large at levels that may result in irrevocable damages to all.
The Cisco study indicates that many respondents understand that social network sites can pose serious risks to security. It appears that many employees are also mystified as to why their employers do not install security procedures to protect their personal devices. Over half of the employer participants indicate that they are prone to allow these currently “unsupported” devices on to their workplace secure networks in the next year or so.
Those employees, who maintain that their employers are using “excuses” to discourage personal device use at work and/or to adopt a “big brother” attitude by restricting e-mail and instant messaging use over company-secure networks, may be hard to convince of the difficulty in safeguarding communications from/to other devices. However, employees should avoid painting the entire business community with such a “broad brush.”
Most employers are committed to protect their data and networks, while remaining honestly concerned about the security holes in their staff’s use of hardware beyond the company’s ability to protect transmissions. Employee/employer cooperation is the best solution to overcome this apparent divergence of opinion.
Employees, who conclusively learn that their employers simply will not empower staff to use personal devices, may want to consider starting a new job search. However, they should also learn the policies, procedures, and security levels of potential new employers before making any irrevocable changes in workplace addresses. Unless there are other factors encouraging these employees to seek new employment, trading one employer for another that has identical policies may be an exercise in futility.
High performing employees should ask themselves a few questions before making career decisions based on their use of personal devices at work.
•Does your personal device use help you perform better at your job?
•Does your employer’s inability to secure your communications present unacceptable risks to you—personally and professionally?
•Does your employer have a plan to secure your personal device in the foreseeable future? Have they published a time frame and expected implementation date?
•Does your device help you communicate with peers, customers, management, or prospects? Or, do you use it exclusively for personal, non-workplace related communications?
You need not tweet your answers or post them on your Facebook wall. However, you should answer them honestly to the “face in the mirror.” At least, understand that your unsupported personal device may pose some risk to you if used at work.
Should you feel this risk is reasonable and your employer permits personal device use at work, be careful how you manage your hardware. Conversely, if your device poses unacceptable risk and your employer has no desire to expand their security procedures to protect these devices, consider other aspects of your current position. You’ll learn to grin and bear current workplace policies or consider instituting a new job search.