The Abuse of IT Resources
by Robin Bloor, Partner
Wondering why its broadband link was saturated, a company bought and installed a network monitoring appliance and discovered that one of its 60 or so PC users was consuming 40 percent of the company?s bandwidth. Her PC was examined to see why and at first, no-one could work how it was happening. Then one of the support staff noticed that the PC had a miniature web cam attached to the side of the monitor. Sure enough, that was the source of the problem.
The PC user, a recent recruit and a young woman with little knowledge of PCs, but enough to load software and plug in a web cam, had no idea that she was chewing up so much communications resource. She had installed the web cam so that she and a friend of hers on the West Coast could wave at each other in slack moments during the day. The web cam was removed, solving the problem, and the offending employee was given a warning.
Is This Problem, Your Problem?
Do you know whether any abuse of IT resources like that is happening in your company? If you aren?t monitoring the network and Internet activity of users then it probably is.
Cymphonix (Sandy, UT), the company that sells Network Composer, the monitoring device used in the situation we just described, reports that nearly every one of its customers ends up discovering one or two rogue users who are squandering company IT resource. Such users it turns out, are usually a greater security risk too.
So, what are the causes for concern?
Clearly, any unapproved activity that eats up communications bandwidth denies resources to applications and legitimate users. Rogue users may not realize it, but they are usually slowing down the company?s business activity. From the bandwidth perspective, the most common rogue activity is the use of P2P file sharing software to download and exchange music and video files, although Internet game playing also has ability to chew up a good deal of resource.
Security is also an issue with the behavior of rogue users. Some web sites can be sources of spyware infection, users can sometimes be fooled into downloading viruses via chat software and, as is now well known, email is a common source of virus infection. There are a variety of security risks from simply using the Internet, and new ones emerge regularly.
An HR Issue!
This is both a technology issue and a human resources issue. Most companies have an official policy for both staff and contractors, which declares and explains legitimate use of the Internet. The problem is that such policies are rarely enforced effectively and that users themselves, even if they intend to be model employees, may still run risks. In order to enforce such policy there is no option but to monitor user activity.
There are ppliance, Network Composer, records all user activity in real-time and keeps a log of which web sites users visited and which computers they connected to. It also has the ability to block access to undesirable or dangerous web sites, such as pornographic sites. It will identify rogue users very quickly.
For companies that prefer a softly-softly approach to monitoring users, Cymphonix recommends a two-step implementation, which seeks to avoid any initial staff embarrassment. Step one is to add the appliance to the network without directly informing company staff. After a couple of weeks, it emails all staff telling them what Network Composer does and how long the device has been active. It also lets them know that they can examine their own (but no-one else?s) Internet usage through a query capability and that in a few days, the existing record will be deleted. Step two is to start logging all activity for real.
Staff are normally relieved rather than outraged by such an implementation strategy.