YOU! And your employees. Like it or not, we human beings are our own worst enemies online, inviting hackers, viruses, data breaches, data loss, etc., through seemingly innocent actions taken every day.
In most cases, this is done without malicious intent. But if you as a manager or an owner aren’t monitoring what websites your employees are visiting, what files they’re sending and receiving — even what they’re posting in company email — you could be opening yourself up to a world of hurt.
That’s because employees’ actions can subject the company they work for to monetary loss, civil lawsuits and data theft — not to mention criminal charges if those actions involve disclosure of confidential company information, transmission of pornography or exposure to malicious code.
One thing you can and should do is configure your firewall to document and monitor which websites users are visiting. Almost all enterprise-level firewalls have this ability built in; you simply need to configure it and monitor the reports. This is something your IT department or provider can certainly help you with.
But it’s up to you to set the rules, write them into an Acceptable Use Policy (known as an AUP), train employees on what is and isn’t acceptable, then get them to sign the AUP.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.