31 March 2006: Staff misusing the Internet by accessing inappropriate websites remains the second largest cause of reported security incidents after viruses for large UK companies, according to findings from the 2006 Department of Trade and Industry's biennial Information Security Breaches Survey.

The survey went on to say that some 90% of all companies said protecting their reputation was one of the most important drivers for information security. Yet despite this, the majority of organisations still do nothing to audit or monitor for staff accessing digital pornography.

In order to assess their level of risk, companies need to understand the Severity, Likelihood and Visibility of the risk.

Severity: the severity of an illicit incident is typically high and can range from criminalisation through civil law suits to breach of corporate compliance.

Likelihood: The ICT fraud and abuse 2004 study by the UK Audit Commission said that "ICT abuse continues to rise and survey respondents generally felt more vulnerable in their use of ICTs". According to the Audit Commission's findings the highest growth of ICT incidents in the workplace is access of inappropriate material.

Visibility: According to the 2006 Department of Trade and Industry's biennial Information Security Breaches Survey, Only 1 in 6 companies scan for illicit content in emails. The worry for the others is what is slipping through the net via email, internet and other routes such as USB key, digital camera or mobile phone.

How can The Irish company Help?

In just one day, The Irish company can undertake a 'Discovery Audit in which The Irish company will scan a subset of your corporate network desktops, servers and email files for illicit image content in order to provide you with Visibility of the scale of digital pornography on your network. The Irish company will also provide you with a report assessing the Likelihood and Severity of inappropriate image material on your network based upon the image material found.

In business, image is everything

On 23rd June 2006, Merrill Lynch was reported to have told 20 staff in its Dublin to stay away from work after they had been caught sending pornographic email; at almost the same time, in the UK, the Driver and Vehicle Licensing Agency dismissed 14 of its staff for distributing pornographic email attachments.

"Such incidents are not uncommon" says John Nolan, CEO at The Irish company, an Irish company specialising in detecting and dealing with digital pornography abuse in the workplace. "About 95% of the companies we audit have unwanted digital pornography on their systems which we can identify and help eradicate. What is unusual about these reports is that both companies understand the business risk and have taken very positive action by sending out a clear message to staff and reassurance to customers that such abuse will not be tolerated."

Staff misusing the Internet by accessing inappropriate websites remains the second largest cause of reported security incidents after viruses for large UK companies, according to findings from the 2006 Department of Trade and Industry's biennial Information Security Breaches Survey.

This is borne out by a similar study undertaken by IBEC in Ireland which reported that almost 60% of companies reported computer misuse; the main types of misuse were inappropriate emails both internal and external and pornography.

"The risks to the corporation are high" says Nolan. "Companies can suffer from breach of corporate compliance, financial loss, brand damage, exposure to civil litigation and even criminal prosecution in extreme cases. Most companies either won't acknowledge that such activity may be happening in their organisation or put in limited software protection and assume that the problem has been dealt with - it hasn't."

Yet assessing the risk and tackling the problem is straightforward.

However, companies must first recognise the business risk and be prepared to takes steps to deal with it.
In order to assist companies understand how to deal with this high risk issue, The Irish company recommends the following actions:

1. Get visibility of your risk - by undertaking a discovery audit of email accounts, desktop PCs and server shares.

2. Clean up your act - deal with incidents identified in the audit, update your policies, communicate policies to staff and ensure staff comprehension.

3.Stay clean - maintain gateway protection and implement auditing and monitoring systems at the desktop / servers.

"Many companies call The Irish company in after they uncover an image incident but increasingly companies are calling us in order to see if they have problem" says Nolan "The Irish company offers a no risk, confidential way to quantify the risk, identify the perpetrators, help the company 'clean up their act' and to 'stay clean'."

How can The Irish company Help?

In just one day, The Irish company can undertake a 'Discovery Audit in which The Irish company will scan a subset of your corporate network desktops, servers and email files for illicit image content in order to provide you with Visibility of the scale of digital pornography on your network. The Irish company will also provide you with a report assessing the Likelihood and Severity of inappropriate image material on your network based upon the image material found.

About the Author:
This article was written by Colm Doherty of Pixalert - http://www.pixalert.com Data Loss Prevention | Email Monitoring Solution | Porn at Work. PixAlert is the market leader in products and services that provide detection of critical data for corporations.