Non-work use of the company's internet connection is not only a waste of time and bandwith, it could also have serious legal repercussions for the business, says Frank Coggrave.
Is discovering an employee downloading the latest Britney Spears song using free peer-to-peer (P2P) software just a nuisance to the IT manager? Is it eating up network bandwidth, or is it just an unsupported application let loose on the company's IT infrastructure? To quote Peter Cook and Dudley Moore, the answer is "not only, but also".
These issues are a concern to any organisation, but it is also illegal. Downloading pirate material not only infringes existing copyright laws but, since March this year, it also breaches the EU Directive for the Enforcement of Intellectual Property Rights. This makes the US digital media rights laws pale in comparison.
Under this directive, which member states must incorporate into their national law in the next 15 months, counterfeiters and pirates will be prosecuted, facing fines and other civil penalties for breaching intellectual property rights. In the fight to crack down on this type of crime the directive enables copyright owners to seize users' assets and freeze their bank accounts, regardless of whether there was any financial gain.
The law can be used by music companies and owners of intellectual property to prosecute those who use P2P systems to illegally download music or other content.
Although an amendment was included to treat consumers downloading the current number one single differently to organised gangs running large counterfeit operations, it will not do much good for a company's reputation if one of its employees is accused or prosecuted. Litigation to date includes a 23-year-old German man facing a bill for £5,300 for storing 6,000 MP3 files on his computer and 88 Danish filesharers facing an average fine of £2,000 each.
If the pirate music is found on the company's servers, arguably the company could be complicit, with the finger being pointed at the IT director.
But is it much of a problem? Recent research suggests so. The British Phonographic Industry has revealed that eight million people in the UK download music, with 92% doing so via illegal P2P software.
Experts believe that at least 75% of downloads are taking place at work, where people can access faster internet connections. So what can IT directors do to avoid opening their systems to abuse? Should they prevent employees accessing the internet? Although this would solve the problem, this Draconian approach would do little for employee morale and could reduce workers' productivity, especially as a large number of staff need to use the internet to do their jobs.
Even requesting employees to avoid certain websites and downloading applications from the web is not completely foolproof. It is a fact of life that there will always be users who persist in disobeying the rules, especially if they think it is harmless. At the same time, companies should not leave themselves open to abuse - it would be like leaving the keys in the ignition for car thieves.
P2P software is not illegal in itself. Organisations should be asking whether they want to allow their employees to download these applications that pride themselves on infiltrating the network and beating defences. What is more, no P2P application has been delivered yet that offers a real business advantage. So why enable users to download these applications?
Ultimately IT directors are responsible for ensuring that the appropriate controls are implemented to mitigate the risks associated with the use of pirated software. It is their job to ensure that employees are using the internet sensibly, according to company guidelines. It is not the duty of the ISPs nor the file-sharing software providers to regulate how their systems are used.
Companies need to draw up clear internet access policies and ensure they are both communicated and enforced. Non-work use of a company's internet connection is not only a lot of wasted employee time and bandwidth, it could also have serious legal repercussions for the business.
The excuse "we couldn't stop it" also does not work. Technology and processes are available to clamp down on this abuse and protect your reputation.
The Police are great, but keep them off your severs, and away from your door.
Frank Coggrave is UK regional director at Websense