When porn pales

Looking at the priorities of many organisations today you could be forgiven for thinking that blocking pornography is the most pressing concern facing a modern enterprise.

New employees are briefed on the organisation’s total intolerance of smut in the workplace; contracts usually stipulate that downloading pornography from the Internet constitutes gross misconduct, which leads to instant dismissal.

Fair enough. No image-conscious organisation wants to end up the target of a sexual harassment lawsuit or — worse still — at the centre of a titillating media scandal. But is that the main point?

Prudent organisations should adopt strong policy and practice to prevent inappropriate workplace behaviour. Banning pornography should be an important cog in any corporate risk strategy. But is porn the biggest threat facing business today? How many organisations, for instance, treat failure to secure passwords as a matter for on-the-spot dismissal? Indeed, how many make security policy an explicit element of contracts signed by all employees?

What percentage of companies actually educate new employees about the importance of security as a normal matter of induction? I’ll bet more new workers learn how to operate the vending machine before they understand how to protect the assets of the business.

The reality is that security is not taken seriously enough in the majority of enterprises.

Most companies are more than willing to pay good money for around-the-clock surveillance and physical security, but when it comes to protecting the most valuable assets they have — the intellectual property and customer intelligence housed in their IT systems — the penny is yet to drop.

The risks of such wilful blindness are enormous.

For any sizeable company, the threat of insider fraud due to lax security practice is enough to make a porn-related crisis pale in comparison.

In most cases, porn should be addressed as part of a comprehensive security policy backed by technology and action. It should not be the sole focus of IT policy as it seems to be today.

If you think a pornography scandal plays badly in the press, try explaining how you managed to lose millions of dollars because the password for your payments system was ‘password’.

Now that’s a real scandal.

Richard Turner is vice president Asia Pacific, RSA Security

Join the newsletter!

Error: Please check your email address.

More about RSA, The Security Division of EMC

Show Comments

Market Place