I fought the law and the law won
One of the most pressing reasons for installing monitoring or control products is to minimise exposure to legal liability.
According to Leif Gamertsfelder, head of the E-Security Group at leading international law firm Deacons, an organisation could face liability under a range of laws as a result of a misuse of its information systems by an employee.
For example, liability for sexual harassment or racial vilification could arise where the conduct complained of offends other employees. This could happen if pornographic material was distributed around the workplace via e-mail, for example.
In one case, a US corporation was fined US$2 million in a sexual harassment case due to the fact that pornographic material had been distributed internally using its e-mail system.
Gamertsfelder says other areas of potential liability include the Trade Practices Act, contract law, negligence law, the Corporations Act and the ASX Listing Rules.
Such liability may arise for instance where the conduct of an employee results in a breach of IT security causing a denial of service. This in turn leads to the organisation or its trading partners suffering loss or damage because they cannot operate normally.
This loss or damage could be in the form of increased security expenditure for remediation purposes or lost profits. Steve White, principal of White SW Computer Law, concurred that the potential liability arising from misuse by employees is very wide.
"A company is vicariously liable for the acts of its employees done within the scope of their employment. This could include discrimination issues all the way through to defamation and trade practices issues," he says.
Losing an unfair dismissal case can be expensive for an employer, says Barnard, so you need good records to support sacking someone for accessing pornographic or other unacceptable material at work.
Monitoring software can help prove an employee's claim of mistyping a URL or accessing a domain that previously presented innocuous material, or reveal a pattern of inappropriate behaviour.
"You don't have a leg to stand on if you are a company director and you don't have a[n Internet access] policy or you haven't tried to enforce it," says Chy Chuawiwat, General Manager Asia Pacific, MIMEsweeper Group, Baltimore Technologies (Asia Pacific).
"The loss of reputation in losing intellectual property . . . is a big damage," he warns. The disclosure of intellectual property by e-mail, whether inadvertent or deliberate, is a real problem, especially where disgruntled employees are concerned.
Apart from the loss of value, the company's reputation suffers, just as it does if it is the victim of a hacker attack or a major virus infection.
Talking of viruses, scanning all outgoing mail for unintended payloads may also help preserve your reputation. Scanning for viruses and confidential or inappropriate content can be done simultaneously by some products.
i think that the cyberbludging special was helpful