Managing Employee Behaviour

Last week I met with the Regional Police Business Liaison Officer for Dyfed Powys Police.  An interesting and informative discussion was had and I came away just a little alarmed at what employees can do to destroy a business both intentionally and unintentionally.  So I thought by a series of blogs I might be able to point you the businesses in the right direction with the help of some very informative booklets from the Ecrime Wales. 

I have just blogged on the subject of Losing Company Secrets, Resources and Data – click here to see the blog

You obviously would not wish to believe that your staff is out to bring down your business/organisation but by their actions they can inadvertently cause substantial risks to your business.

No matter how well you implement your controls and security procedures it still depends on the people who use your network.  The more your employees appreciate your security procedures and the risks involved if the procedures are not adhered to – the less likely a breach of security will occur.

Managing emails is a key component to protecting your business
• Spam Email is a significant problem –  although not all pose a threat many have attachments which can contain viruses or spyware
• Chain emails including the funny ones, inspirational ones and those that promise good or bad luck if we don’t continue to send to 5 or 10  or all of our contact list are more often than not collecting email addresses for dubious means.
• When sending emails ensure you are not disclosing all the other recipients.  There are many newsletter type emails that will send out to individuals without disclosing other recipients.
• Remember if you are holding any records on anybody from the public, your suppliers, patients, customers, employees, business partners etc s you need to comply and adhere the Data Protection Act .  Failure to do so may be committing an ECrime!

Tips from Preventing E Crime for Dummies from ecrimewales
• Avoid posting your full email address on public internet forums or websites. 
• Use a secondary or ‘disposable’ email account for public use or for when signing up to online services.  This account may still attract spam, but if this gets out of hand, you can simply delete this ‘decoy’ account and start another, without affecting your original or primary email address.
• Never reply to spam email even if the text contains a remove option.  This only serves to validate your email address and will most likely result in you receiving even more spam email than ever before.  Ignore the email and delete it.
• Emails that purport to be from your bank ignore.  Banks and Building Societies and other high profile commercial organisations such as ebay or paypal never ask for sensitive information via email!

Managing the risks involved with employee Internet use is a vital part of any effective IT security policy.  Consider these few points.

• Employees maybe viewing inappropriate or indeed illegal material on websites and indeed may be using the internet for their personal use during work hours, thereby not working productively for your business
• Critical business information can be needlessly exposed by employees surfing the internet without due care and attention.
• Your business can be made legally liable for the behaviour of your employees using IT services, particularly if it endangers other organisations data or infrastructure.

For more information on ecrime in Wales go to www.ecrimewales.com or www.edroseddcymru.com