Employee Behaviour

Businesses of all shapes and sizes have harnessed the power of IT and the Internet to grow their business and modernise working practices to be more efficient. However, this rise has meant that IT systems are now a critical part of any business; put simply, the business will fail if the IT systems fail.

Businesses in Australia, in utilising IT and the Internet, need to ensure that IT systems are not put at risk by employees’ use of those systems.

The Internet has become a ubiquitous tool for businesses to use, but the Internet presents an equally ubiquitous risk. Your business may operate an ‘open-use’ policy with regard to the Internet, or you may only use emails and not the wider Internet; however, managing the risks involved with employees’ use of the Internet is a vital part of any effective IT security policy.

The Potential Risks

Employees can potentially use the Internet without any regard for the risks to the business. Unlimited use of the Internet for non-work-related activity is dangerous for the following reasons:

• Employees may use the Internet to view inappropriate or sometimes illegal material on websites.
• Employees may knowingly or unknowingly download documents, email attachments or other media which can infect or disrupt the business’s IT infrastructure.
• Employees may use the Internet for their own personal use during work hours, thereby working less productively than is expected.
• Critical business information, such as company passwords, customers’ information and sensitive corporate information, can be needlessly exposed by employees surfing the Internet without due care and attention.
• It is also worth noting that your business can be made legally liable for the behaviour of your employees using IT services, particularly if it endangers other organisations’ data or infrastructure.

IT security is a team game and the responsibility of every single employee within a business. Vital to this approach is making sure all employees understand their role within IT security, with their use of IT systems being productive and in no way endangering the business.


MANAGING THE RISKS OF EMPLOYEE BEHAVIOUR


Steps to Protection
Regardless of the size of your business, your first step must be to provide clarity and consistency in your IT security approach, with an IT security policy document being the appropriate measure. Your IT security policy should:


• Understand and guard against the most common threats your business is likely to encounter
• Be clear, not necessarily lengthy but an appropriate guideline for employees to refer to and abide by
• Clearly identify any monitoring you are carrying out on the IT systems, such as recording web activity, keystrokes, etc.
• Be signed by all employees who use any IT systems

Each policy will be different, but consistency and clarity are key regardless of how tailored to your business you want to make it.

In addition to a policy, there are numerous straightforward and inexpensive measures you can take to manage the risks accordingly. These include:
• Considering the advantages of an automated web activity monitor, which can allow you to understand how your employees are using the Internet, and make changes in light of this.
• Determining the feasibility of using an email spam filter which can provide a buffer between your network and dangerous spam or phishing emails and attachments
• Web filtering is another option: the filter prevents employees from accessing certain websites. This provides:
    • A clear safeguard against employees deliberately accessing offensive and inappropriate websites
    • Protection for employees who may unwittingly access such websites
• Speaking to an IT consultant should give your business expert advice and a solution that is tailored to your needs.

It is an important step to get some external advice on the matter before deploying security measures.