Top 6 Information System Violations We are given many luxuries while at work. This has become the new norm in the modern business world. One of the most beneficial, but also most dangerous, are information systems. Information systems are defined as “organizational systems designed to collect, process, store, and distribute information” (IGI Global). This system has 4 distinct parts; people, processes, technology, and data. These 4 components are crucial to the success of your business and its day-to-day operations. The systems are vulnerable though. There are many ways employees can abuse information systems, either intentionally or unintentionally. Today on PlexTrac.com we are going to talk about how NOT to use your Company’s information systems, and specific violations you could commit. 1. Exposing the Company to actual or potential monetary or reputation loss through the compromise of data security or data loss. Accessing a Company network is a huge responsibility to manage as an employee. Hackers and other companies want access to your information. But they REALLY want other deep company secrets on the network. You must be extremely careful when connected to your network. This means avoiding shady websites, not falling for phishing schemes via the Internet or Email and avoiding any other potentially harmful situations where company data could be lost. 2. Use of Company systems for disclosure of or other unauthorized use of client of Company data. When working at a Company most of the information you see is private or confidential. Keep it that way! Divulging information about customers, other employees, or the organization itself is a massive violation of your Information System use. This also means you cannot use this private data for personal use or gain. If the information appears private or confidential it probably is, so don’t disclose it. 3. The use of Company systems for illicit purposes, which may include violation of any law or regulation. This violation may seem obvious, but don’t break laws while online at work. Don’t break laws ever… but breaking laws on a Company network spells big trouble for you. This information can be mined easily by law enforcement or other officials and used against you in court. Most companies save emails, browsing history, and most other actions you perform on their devices for future inspection. Also, just because you’re at work does not make you any less liable for the actions you perform on the Company network. Keep It classy. 4. Information System Violation 4 – Access or use of Company information systems for functions unrelated to business activities in any way. Everyone loves to play games and surf their social media websites. However, these are activities for when you are off the clock and off the Company network. The use of information systems for items unrelated to business like video gaming and web surfing is strictly prohibited. With us having more distractions than ever before on the Internet, this may be a hard violation to control. However, your company productivity will increase exponentially, and actually be significantly more secure once you do so. 5. Unauthorized removal of data from the Company (e.g. removal of tapes, flash drives). Company data is company property. Devices like CDs, flash drives and tapes are prime candidates for potential information system violations. These devices often contain private information that is important to your Company. This information, once removed from the Network, could easily be compromised, stolen, or given to somebody else. Do yourself a favor and keep all Company property at work. If you must work from home, secure the information and network you work on. 6. Unauthorized use of any Company-owned software. Businesses usually have access to expensive, valuable, and useful software. This software is vital for your daily business activities but could also be useful for personal reasons. For instance, using your Company Adobe Photoshop membership might support your personal hobby of photography. However, if you plan to use Company software for personal reasons make sure you have the clearance to do so. Unauthorized use of software that your Company purchased is a violation of your information system use and could lead to negative consequences. Other Information System Violations Unauthorized changes to the configuration of any Company information system. Intentionally gaining unauthorized access to information systems, programs, files and data. Any other event that would compromise the security of the Company’s information systems or our clients’ and partners’ information systems Consequences of Information System Violations Everyone makes mistakes. But the security of a Company’s information system needs to be taken seriously. Since these violations vary widely in damage to the Company itself, the consequences of violations will also vary widely. Violations of policy could result in any of these actions: Verbal warnings Temporary loss of access privileges to Information Technology (IT) systems. Permanent suspension from IT systems. Termination of employment. Other disciplinary action deemed as appropriate by management Civil and/or criminal prosecution
Vulnerability Assessment vs Penetration Testing: Understanding the Key Differences Vulnerability Assessment vs Penetration Testing READ ARTICLE
Unlocking Continuous Threat Exposure Management: New Features for Prioritizing Remediation Based on Business Impact The evolution of product security READ ARTICLE