Avoiding Legal Traps on the Web

The Internet is obviously a valuable resource for many organisations. However, in my work with companies of all sizes, I find that many are exposed to security and legal liability concerns because they fail to control Internet access across their organisational assets. Often, IT departments simply put in place patch management and virus scanning software to secure the internal network, then consider the job complete. However, such measures don’t protect an organisation from criminal Internet use, intended or otherwise.

Additionally, most companies don’t take formal steps to protect their systems against Trojans, viruses, listeners, and other malware that lure users to official-looking Web sites where users give approval to download updates. For example, such malware might lure a user to a site with the promise of free music downloads if the user simply installs a special “player.” The player is actually a Server service that, once installed, is used to distribute illegally pirated DVDs. Such activity can bring down a network due to overwhelming traffic and result in lawsuits from the copyright holders. In some cases, the material might be ethically objectionable, resulting in distasteful materials being distributed from your organisation’s systems. In such situations, you might be required to keep such distribution on line while criminal investigations are occurring with Federal agencies.

As CNET’s News.com reported3, Nancy Flynn, executive director of the ePolicy Institute, summarised a survey published by ePolicy with the American Management Association on surveillance in the workplace. “Productivity is a concern; loss of confidential information is still a concern; security breaches are a concern. But...the No. 1 concern is liability. Employers are afraid of being sued,” she said. In my opinion, they have reason to be concerned. The International Federation of the Phonographic Industry (IFPI) represents the interests of the recording industry worldwide. IFPI made headlines in the United States by suing more than 5700 individual file sharers for copyright infringement, not including 750 suits filed during October 2004. The same organisation has carried out similar actions against individuals in the UK, Austria, Denmark, Germany, and Italy.