Supporting corporate social responsibility
28 January 2010
Andy Churley, Security Advisor to PixAlert supporting corporate social responsibility - protecting staff and reputation by preventing illicit images.
With an increasing number of entry points available for the introduction of unwanted image material to the corporate network, companies and managers are exposed to the growing risk of prosecution if they do not take action. Andy Churley, VP Marketing at PixAlert explains. A recent survey into illegal and inappropriate images in the workplace conducted by PixAlert and the Chartered Institute of Personnel and Development, CIPD, revealed that over 70% of UK companies have already taken disciplinary action as a result of employees viewing pornographic images on their company computers.
In the US, a similar survey among the 500 largest firms showed that 40% have disciplined staff over illegal or inappropriate images in the workplace over the past 12 months. And it’s not just a private sector problem. An Audit Commission report published in June this year highlighted a huge increase in the viewing of computer pornography by public sector workers. The scale of the problem is reflected by the incident at the UK Department of Works and Pensions that hit the headlines last year. It was disclosed that, after an investigation, 2 million inappropriate images and, more alarmingly, 18,000 illegal images were discovered on their computer systems.
Lack of Awareness
A part of the illicit image abuse problem is lack of awareness and understanding. The PixAlert surveys revealed that over half of senior managers in the UK were unaware that they and their organisation could be criminally and civilly liable if inappropriate or illegal images were found on workplace computers. In the US the figure was 1 in 4. Legislation on child pornography in Europe varies by jurisdiction. However, in most cases the penalties are be severe and in many, vicarious liability applies. For example, the legislation in the UK is clear - directors and the managers they appoint could be held personally liable if negligence is found in the management of data and images on workplace computers with a penalty of up to five years imprisonment.
Responsible employers also have a corporate social responsibility, a duty of care to ensure that employees are able to work in a safe environment free of discrimination or harassment. Unwanted exposure to illicit images in the workplace has been the cause of numerous sexual harassment claims. There are a number of international and national measures and acts, concerning corporate social responsibility, which should also be considered, such as the UN Global Compact and the European Green paper on Corporate Social Responsibility.
Not just an Internet problem
The conventional method of preventing pornographic or illegal images entering the corporate network is by implementing an Internet gateway filtering solution. But gateway technologies are limited in scope and can easily be bypassed using techniques such as encrypted data transmission, unrecognisable file formats and secure connections through HTTPS. But even if these limitations could be overcome, today’s desktops are subject to multiple data entry points. PCs have conventional points of entry such as a CD/DVD drive, Ethernet card and serial and parallel ports. But with USB, Firewire and wireless networking, the desktop has been opened up to multiple new hardware devices with high data transfer rates such as portable hard drives, memory sticks, 3G phones and cameras.
Prevention
Gateway filtering is only a small part of the solution. At the UK Department of Works and Pensions it was reported that only two months after installation of image detection software at the gateway, a further 500,000 inappropriate images had been introduced on to its computers. The only effective solution is to audit files on corporate IT resources and monitor and report on images as they are being viewed by the user. To undertake a detailed audit of machines across an entire corporation, can take months or even years. However, using the latest image analysis technology it now only takes days or weeks for even a large organisation to detect inappropriate and illegal content stored on all PCs, servers and removable media including email archives, embedded images and ZIP files and provide a detailed audit trail and comprehensive management reports.
The same technology can be used to identify and prevent inappropriate or illegal images at the desktop in real time. Images that breach pre-set guidelines can even be blurred to avoid the risk of inadvertently displaying a harmful image that may lead to sexual harassment claims. Full details, including the PC designation, user name, file name, date and time and even the application being used to view the image are recorded and can be dealt with by the designated administrator and HR department.
Line of Defence
While in most organisations monitoring of computer systems is permitted, it is essential to have an unambiguous and up-to-date Acceptable Computer Usage Policy. This should be communicated to all staff so they are fully aware of expected employee behaviour, measures the organisation is taking to monitor and enforce as well as the disciplinary policies and procedures. Clearly it is time for companies and organisations to take action. Reinforcement of policy, regular audits and a visible line of defence at the desktop is the only sure way of dealing with and ultimately putting a stop to this undesirable activity in the workplace.
<- Back to: Resources