Software piracy is rife in Australian organisations with IT managers oblivious to what activities really take place on users' desktops.
A new survey of 978 Australian businesses found 46 percent have no clear policies on Internet downloads and software use while 66 percent do not conduct regular software audits. Even more remarkable, a further 36 percent of those surveyed did not know how many computers they managed. British Airways IT manager Mark Pavlides is the first to admit the survey findings ring true.
Had Pavlides been asked a few years ago how many computers the organisation had he wouldn't have been able to provide a clear answer.
"A few years ago this was true; we didn't know what equipment we had. We now have a far more robust inventory system which is centralised and helps us to keep track," Pavlides said.
To address the problem, Pavlides undertook a desktop audit and discovered illegal and unauthorised software across the organisation.
"We had to introduce a PC lockdown so that no staff - except the administrator - could download software," he said.
Compliance issues also forced the organization to take a closer look at desktop activity.
"With the introduction of Sarbanes-Oxley we came down hard in this area although the lockdown has basically eliminated the problem," he said, adding that the organisation introduced end user education and new policies.
The national survey, undertaken by the Business Software Association of Australia (BSAA), found that 65 percent of participants did not know if their employees had downloaded something illegal.
BSAA chairman, Jim Macnamara, said Australian companies are not intentionally pirating software, but IT isn't effectively managing computer assets.
"What we know from anecdotal experience is that if you do not control what employees can download, there is a 95 percent chance there will be a lot of illegal material," Macnamara said.
He admitted software asset management is a buzzword but said that companies are nonetheless liable if policies are not enforced.
Jason Brooks, Oakley Sunglasses IT manager, places a greater emphasis on policies rather than hardware or software solutions.
"We combine usage policies with spot audits as well as quarterly sweeps of server storage, random checks of file type including incoming and outgoing e-mails and will investigate attachments if necessary," Brooks said.
His approach is partly driven by the need to better utilize bandwidth, because its regular business usage requires a lot of downloads.
Brooks said there is a fair degree of desktop ignorance among users, but policy enforcement counteracts it to some degree.
"We cover it as part of the staff induction process and revisit it on a periodic basis. If we discover something that isn't business-related, we issue a reminder notice," he said.
The Pickles Group IT manager Richard Ford has a template for each PC which does not allow anything but the standard operating system and standard software to be on that computer.
This tough stance also includes the use of content filtering software supported by Internet usage policies.
Macnamara said organizations should take a three-tiered approach to the problem, beginning with clearly defined policies.
Spot checks of desktops and company-wide software audits should support these, he said.
"Word soon gets out when there are random checks and staff are less likely to download or pirate software," Macnamara said.
"But it should start with usage guidelines because under industrial laws you cannot discipline staff unless these policies are clear."