Risk of Unauthorized Software on Network Computers
written by: Bruce Tyson•edited by: Jean Scheid•updated: 4/2/2011
Average workers and some IT staffers underestimate the risk of having unauthorized software on network computers. That's why having a well-documented and enforceable acceptable use policy should be in place. We'll talk more about the risks involved here.
slide 1 of 6
Malware, Spyware, Adware and Viruses
You spend a lot of time administering your corporate network, so the last thing you want is for it to become part of a botnet or other nefarious scheme to attack other computers. Before you know it, various online services are blocking your IP addresses because you are a known source of spam, and the FBI is checking you out because your IP address showed up in sensitive Pentagon computers.
Then there's the everyday virus problem that comes in from downloaded software installed on an employee's computer. Before you know it, you could have one or more workstations invaded by malware, and passwords, e-mails, and other private information could be transmitted to a server in Kenya. Don't let that happen.
The risk of having unauthorized software on a network can be deadly because viruses, bots, worms and other malicious programs are easily attached to software coming from an unknown source.
slide 2 of 6
It's hard to predict what kind of software employees might introduce to the corporate network. Some may disable firewalls, others might map network drives. Others might publicly expose company IP addresses and internal assets, leaving the company vulnerable to hackers. Others may simply consume so much bandwidth that network performance becomes compromised. Some programs might interact with corporate databases, but have compatibility issues and cause significant unintentional damage.
Unauthorized software can perform unlimited actions on networks, so making sure employees are informed on how to avoid unauthorized software on the network is important to network security.
slide 3 of 6
With so much online activity, the Web browser alone is enough to cause network administration problems. Unauthorized content can be just as harmful as unauthorized software or even more. Pornography sites, for example, are notorious for their malicious payloads, so while employees are having a good time on break, keyloggers, mini e-mail servers, and other unexpected applications are coming through the network pipe right to their computer. Don't let that happen.
Rather than assuming that employees will conduct themselves according to "common sense," IT directors should develop an acceptable use policy that defines appropriate behavior.
slide 4 of 6
The Business Software Alliance (BSA) sometimes runs advertisements that encourages employees to report the use of unauthorized software in their workplace. This may be the single-biggest IT-related legal threat facing companies today. All it takes is one disgruntled employee, or one mischievous troublemaker to see someone running a program they brought in from home, and - BAM! The BSA is at your door or in your conference room talking about a settlement for intellectual property rights violations. IT directors do not want this to happen.
Enforcing policies out of fear is one thing, but some businesses want to do the right thing as a matter of principle. The bottom line is that IT personnel cannot police the licensing policies of employee software to make sure that it can be legally used at the office. Because of this, keeping unauthorized software off of the network is simply good business.
Another risk of having unauthorized software on networks is the possibility of illegal activity. For example, if an employee installs software on a computer that receives transmissions from their spouse's illegally-bugged computer, the company could potentially incur some liability issues should a case go to court.
Similarly, if employees are using the company's high speed DVD duplicators to illegally copy music, movies or software, the company could get in serious legal hot water.
Legal issues can also arise from unauthorized content on company networks. For example, employees may have legitimate sexual harassment complaints if pornography is visible in the office by other employees. Additionally, accessing pirated music, movie and software sites could get your company slapped with criminal and civil charges.
slide 5 of 6
The Best Policy
The risk of having unauthorized software on network is too great for a flippant attitude; so don't ignore this problematic issue. Employees and even executives can get careless by installing their own applications and unwittingly open the company up to unnecessary expenses and embarrassing publicity.
Companies with the best policy understand the risk of unauthorized software and educate their employees about those risks. Policies should be implemented that define unauthorized software and content and the penalties for violating those policies should be clearly documented and enforced.
slide 6 of 6
Neate, Joshua, "Unauthorized software a threat to network security" retrieved at http://www.spangdahlem.af.mil/news/story.asp?id=123146410