Did The Wall Street Journal sabotage businesses by publishing tips on how to circumvent IT?

In the Monday, July 30 edition of The Wall Street Journal, there was a special section on technology that led with the article “Ten Things Your IT Department Won’t Tell You” by Vauhini Vara. If you haven’t read the article, you should take a look because some of your users may have already seen it, and as a result they may be engaging in activities that put themselves and your IT department at risk. Here is the list of the 10 items in Vara’s article:
Make no mistake, this article was extremely popular. The Wall Street Journal publishes its list of the Most Viewed and Most Emailed articles on WSJ.com for each day, and for July 30, “Ten Things Your IT Department Won’t Tell You” was one of only two articles that made the top five on both lists. It was No. 1 on both.

Sanity check

While I am generally a fan of The Wall Street Journal — and their tech coverage is typically rock solid — I was very disappointed by this piece. Although it did not reveal any information that couldn’t be found elsewhere, I don’t like the fact that the Journal spoon-fed a bunch of dangerous tips to users and all but encouraged a quiet revolt against the IT department.

A few of Vara’s tips are fairly innocuous, such as “How to send giant files” and “How to clear your tracks on your work laptop.” In fact, many IT pros could pass those items to users along with some tips on when and how to use them. The large-file tip can ease the burden on e-mail attachments and storage, and the “clear your tracks” tip can be turned into a good privacy and security practice.

However, several of the other tips are dangerous to the point of idiocy, especially “How to use software that your company blocks,” “How to visit Web sites your company blocks,” “How to search your work documents from home,” and “How to access your work email remotely when your company won’t spring for a BlackBerry.”

Showing users how to access software and sites that the company has filtered is a recipe for disaster. Often the stuff that is banned is banned because it can introduce spyware and malware to the system or it can bog down the computer and/or the network. When users find ways around that, they introduce significant security and privacy risks to the company, and they can potentially decrease their own productivity by clogging up their machines with spyware and adware.
In terms of “How to search your work documents from home,” Vara recommends using Google Desktop to sync documents between a work PC and a home PC. That might be okay for a few consultants and small businesses, but it’s a terrifically bad idea for anyone in the corporate world (The Wall Street Journal’s core audience). The implications for privacy, confidentiality, and compliance are severe, especially if any of the files involved contain customer or financial data. Plus, there are easier ways to handle the issue that preserve security, such as a VPN connection and Remote Desktop from a home PC to a work PC.

And then there’s the issue of “How to access your work email remotely when your company won’t spring for a BlackBerry.” Forwarding work e-mails to personal e-mail accounts and devices — as the Journal article advises — is another potential disaster waiting to happen. It raises the same issues of confidentiality and compliance because when you forward all mail, it is very likely that you’ll end up sending customer data and corporate financial information to your personal accounts.

While the Journal article ostensibly shows some responsibility and restraint by including sections on “The Risks” and “How to Stay Safe” for each of the ten items, the author either does not fully understand all of the security and compliance risks involved or simply chose to make light of many of them. Either scenario is a strong indictment of the article.

The compliance issues, while mentioned in the article, are much more serious than Vara seems to realize because they can expose a company to major financial risk (in the form of fines, lawsuits, and legal fees). Likewise, the security issues are much more serious than the Journal article presents them. Hackers have gone professional (and in some cases joined forces with organized crime) and are out there looking for employees and companies to steal data from and use for blackmail or money laundering. The TJX security scandal could serve as a sober warning to that effect, once all of the details come to light.

While users often get frustrated with the IT department and the restrictions that it puts in place, the answer is not to train people how to make an end run around IT. In many companies, there’s already too much of a disconnect between IT and the rest of the organization because IT often plays the role of a policeman — to serve and to protect.

The root problem that The Wall Street Journal was trying to address is that many users want and need to do some personal computing on their work machines and/or access work apps and data from their home machines or devices. That’s a reality that businesses and IT must face, and they must come up with some workable solutions. Since many of today’s users access their e-mail and work during “off hours,” it’s certainly reasonable that they should also be able to do a little bit of personal computing during company time. There simply needs to be a safe and relatively easy way for them to do it. Some companies have solved this with separate virtual machines, using VMware or Virtual PC or a Web-based solution like G.ho.st. Other solutions need to be explored, and big players such as Apple and Microsoft, as well as small vendors with creative solutions, all need to be involved. This will be an important part of the next generation of operating systems, devices, and a borderless information security strategy.

For The Wall Street Journal, which depicted itself as a “public trust” during its recent acquisition tug-of-war with News Corp, fueling a turf war between IT and its users is not the kind of journalism that meets the high mandate that it has set for itself.

For IT departments, the genie is out of the bottle on many of these tips and tricks that allow users to circumvent IT procedures. As a result, IT departments need to aggressively partner with employees, educate them on the severity of security and compliance risks, and find ways to meet the needs of users whose computing experience now overlaps between work and home.

What do you think about The Wall Street Journal’s list? How do you think IT can help users bridge work computing and home computing while still maintaining data security?
- by EMT