When my company first entered the “electronic age,” editors were prohibited from having CD/DVD drives. Never mind that clients were supplying new product information on CDs. Then, the IT wunderkinds decided to block some websites. After all, employees should focus on business tasks, right? But the most egregious, stupid and humiliating misstep the IT department took was when it decided to use a word “filter” on forums. Might be a good idea — uh no!
Guess what? I couldn’t register for my own Broadcast Engineering forum. You see, my last name didn’t pass the “safe word” test. At first the woman in charge of our company forums said that I was wrong; there was no filtering going on. I must have “made a mistake.” I may not be the brightest bulb in the package, but I smelled an untruth in her answer. Telling me I was wrong was like waving a red flag in front of a bull.
I decided to test her truthfulness by running a few tests. I then tried to register for the forum using these and a litany of other words: b**ch, sex, breast and that most naughty of all words ... dick. None of the these familiar, even if perhaps tacky, words got past the nanny censor. Our company was filtering words, but the staff just wasn’t being honest enough to admit the truth.
Armed with my list of words, I confronted the supervisor of the forum. Her first suggestion was for me to “use another name.” “Uh, no. That’s not acceptable,” I replied. After a bit more conversation, she promised to look into the issue. The next day, she said that the “filtering has been turned off.”
The bottom line is that often those in power seek to misapply that authority even when it is unnecessary to do so. That’s sometimes the case today with social network sites.
Using Palo Alto Networks as a resource (recognize that it has a vested interest) let’s look through some common Enterprise 2.0 applications that might place your facility at risk. (Editor’s note: Risk descriptions are based on data obtained from Palo Alto Networks. An interactive tutorial of some software applications’ risk is available.)
Should you block access to these sites?
YouTube. While the site is primarily user-provided content, many companies use it to deliver training videos and promotional materials.
SharePoint. Studies claim that as much as 30 percent of SharePoint applications are rogue and deployed without IT permission.
Twitter. Almost 90 percent of all organizations use Twitter, many for business purposes. Even so, recent malware has shown to be able to steal passwords enabling identity theft and malware infections.
Facebook. This highly popular site is used by 94 percent of organizations, again often for legitimate business purposes. Broadcast Engineering has a Facebook page.
WebEx. While often used for online conferences, WebEx offers PC remote control capabilities that could be exploited by hackers.
Google Docs. This cloud storage application enables employees to easily move files and content outside corporate firewalls.
Skype. This popular phone and video conferencing software relies on port hopping, traversal and dynamic routing to evade corporate firewalls.
I’ve hear engineers brag about how tightly they’ve managed to “lock down” a facility’s communication network. Yet, in the next breath the engineers almost always say that the news people are always complaining that they need access to something on the Internet. Well, duh!
The reality is that managing Internet access is a complex issue. As hard as IT may try to install roadblocks, developers will find ways around them. And users can be amazingly resourceful. Tell a news person a specific URL is blocked, and he or she will just go to www.proxy.org and get it there anyway. Now you look stupid.
We’ll look more closely at managing Enterprise 2.0 applications in another post.
