It’s the dirty little un-secret we all know, but don’t want to talk about. Porn is alive and well in the workplace.

A 30-year-old man was charged with possessing child pornography after images allegedly were found on a computer at his workplace at the William J. Wrigley Company. Rory Griffin was charged with one count of possession of child pornography.

According to police officials from the Wrigley Co. notified police that technicians fixing a company computer found images that appeared to be child pornography, (see Wrigley Co. Worker Charged With Child Porn).

I personally know of one major brand ‘beverage’ company where the top three most surfed websites are all porn sites. I’m certain they’re not the only one.

In 1995, Chevron Corp. paid $2.2 million to settle a sexual harassment case brought by employees who were offended by an email titled "25 reasons beer is better than women." -- Combating porn in the workplace.

In 2004, the Internet Watch Foundation, the UK’s child porn watchdog, received 17,255 reports of illegal child images, 20% of which were websites. While more and more legislation is punishing those that indulge, the IWF said some managers feared finding themselves caught up in criminal proceedings.  An IWF survey of 200 firms found 74% of managers would not report guilty staff to the police and 40% would not take steps to discipline or dismiss them.

Changes to the Sexual Offences Act in England provided a conditional defence to protect network managers who need to store potentially illegal images of children as evidence. However, it is only valid if the incident is reported within a set amount of time. The age where a picture of a child is considered illegal has also been raised from 16 to 18.

While there are network programs that can block access to certain websites, or only allow access to certain approved websites, there is really very little that an employer can do to fully block workplace porn. If employees want it, they can get it.

The best approach is to treat employees like adults. Establish acceptable use policies and have employees agree to it. If you suspect that child porn may be downloaded, phone the police. Don’t attempt to do any forensics, call the police right away.

RELATED READING:

Protecting your goods

www.WiredSafety.org

© 2006 Toby Ward - Prescient Digital Media

Securing your intranet requires more than just technology. In fact, employees represent your highest risk and point of breach.

CMPnet.com’s David Joachim covers the top 10 worst security practices in Lethal lapses:

1. If you find a security hole, buy a product to fix it.
2. Ignore the human element.
3. "Full speed ahead and damn the torpedoes" is our motto.
4. To run a tight ship, take an authoritarian approach.
5. Make access privileges an all or nothing proposition.
6. Treat all data as equal.
7. Back up everything, every night.
8. Perform audits and penetration tests infrequently, and in-house.
9. Endpoints for everyone.
10. Make sure security is highly visible, even intrusive.

“Most of these observations are about process and behavior rather than technology,” writes Joachim “That's not to say technology isn't important. But security pros generally have a mastery of bits and bytes and how to protect them. What's often missing is a sense of the big picture and how each separate alteration to the network affects the whole.”

RELATED READING:

Assessing your security risk

Best practices: securing your intranet

Email and intranet are biggest wireless threats

Securing your intranet from the inside