Risk Management That Embraces Privacy Can Strengthen Security

It is hard to imagine a world in which we didn’t use the Internet at work. 15 years ago, it was a luxury. Today, Internet use at work is mission-critical. We’ve evolved from casually getting online to search for basic information about a company to doing such critical things as accessing webmail, posting to and monitoring social media and transferring and storing files in the cloud.

Unfettered Internet access at work has empowered us to defy geographical and time constraints to communicate with colleagues, vendors and customers located around the globe, develop content and code, and share real-time 24 x 7. It also allows us to shop, gamble, chat with friends, check bank balances and pay bills at work and generally “cyber loaf” on the company network, to the tune of US $178 billion in lost productivity annually, according to U.S. security company Websense. According to IDC, 30 to 40% of Internet access is now spent on non-work related browsing, and 60% of all online purchases are made during working hours.

Declining productivity is not the only fallout of these trends. Employee personal online activity is becoming a major cyber threat vector, with 90% of fully undetected malware now being delivered via web browsing.

The prevalence of smartphones and social media and our evolution into an “always on” society have further blurred the lines between personal and professional lives, bringing our privacy into question and leaving lawmakers dumbfounded as to how to govern personal privacy in light of these changes.

Absent legislation that helps companies navigate this new reality, in an effort to curb employees’ increasing amount of personal time they spend online at work, some companies have implemented monitoring systems that leave employees feeling watched and mistrusted, without really solving the problem of protecting the company network.

The good news is that incorporating individual protection into your risk management strategy can actually make your organizationMORE secure. By championing employee privacy, you can empower individuals to become personally accountable for their decisions online and engage them in protecting the organization. You can achieve this by separating personal and work assets and providing employees a private portal to conduct their personal online business at work. By isolating personal browsing from the corporate network, employees can surf and communicate freely and securely, while corporate assets are shielded from employee activity.

David Melnick, CEO, WebLife, [email protected]

David will discuss this concept at ISACA’s North America Information Security and Risk Management (North America ISRM) Conference later this month in his presentation titled “Employee Privacy versus Organizational Security.”

[ISACA]