Tuesday, August 25, 2009

Keep Your Viruses to Yourself, Thank You Very Much!

Netzwerk Zugangskontrolle - keine Chance für Malware by Sophos D/A/CH Presseinfo.The low cost of hi-tech

The borders between work and home have increasingly become blurred thanks to technology. For many of us, the day we bought our first cell phone was significant in many ways, but one thing that probably didn’t occur to most of us was that that liberating device was paradoxically also a ball and chain that would make us ever available to a demanding world.

As technology has become cheaper, both business provided equipment and personal tech have meant that we are increasingly taking work home. My company for example provides at least three different ways that I can connect to the office network from home – quite separate from the completely crude method of copying files to a flash drive to take home. So despite the standard of the 40 hour work week, we all pretty much work longer. The only difference is whether you work till the lights come on at the office or work until you realise that your generator is the only one left on in the neighbourhood at home.


The other side of the story

This issue was a problem debated long before the current technology revolution and was once touted as a sign of great devotion, but is now often seen as a grave risk to the person’s physical and emotional well-being. Technology has just made the situation much worse. Something not often discussed is that the same low cost of technology (or increased purchasing power of people) means that we are taking more technology from home to the office. In addition to the cheapness of the technology is the fact, as has been discussed again and again on this site, that technology is now an inseparable part of our existence. This results in a huge problem.

We bring our personal blackberries, laptops, digital cameras and flash drives to the office and use them in conjunction with company provided computer equipment. We connect them to our PCs.  Sync our calendars and contacts. Copy stuff back and forth between them. Did I say the lines are blurred? They no longer exist! Now company systems and networks are designed to be closed systems with carefully planned points of entry and egress. This is for several obvious reasons. First is security from loss of company data to data thieves. Secondly is protection of computer equipment from viruses and other malware. So companies set up firewalls to keep out hackers. They invest in thousands, hundreds of thousands and even millions of naira on antimalware software. Elaborate systems for logging into computers (with password and ID being the most basic) are implemented. However, all this protection is wasted when an employee takes a flash drive from an internet cafe bearing a virus that Symantec hasn’t even heard of yet and plugs it into her computer at the office.

That Anne Robinson phrase

Businesses very often have pretty stringent and well iterated security tools and practises to protect their computer equipment. Many of these tools and practices are rather inconvenient for people to use and adapt to. We may now be used to having to create complex passwords that we have to reinvent every three months, but it wasn’t always so. A true story is told of a help desk agent, who in frustration at a user who just could not seem to create a password that met the company password complexity standards, finally offered to create one for the user. He gave the user a password that had the right mix of letters in both lower and upper case, numbers and special characters. He gave the customer the letter “I”, the character “@”, the letters “m”, “A”, and “f”, the number zero in two places and lastly the letter “l”. The customer was very grateful for the assistance, until he decided to write it down. The help desk agent’s manager had to intervene to calm down the customer’s fury at being given a password that said “I@maf00l”.

Though we have these stringent rules at work we are not as disciplined with our personal technology. So people install antivirus software, but never update them. We don’t backup our data and we are not particularly careful about the devices we connect our equipment to or the websites we visit. We now bring this “polluted” equipment to work and connect to our systems. 9 times out of 10, the antivirus software installed on the company computers catches the virus before any harm is done. It is that 1 time of the 10 that causes all the damage. Yes you are the weakest link.

As a result of this type of situation, some of my colleagues were up all night this last Friday cleaning out their servers that were virus infested. I and another colleague spent all Saturday in the office making sure that that infestation didn’t reach our in Lagos. And no, this is not what we are paid to do. As part of this effort we woke up colleagues on the other side of the planet, some of them on vacation, to assist with the effort. Never mind the thousands of man-hours lost as a result of the servers and the data that were not available.

So forgive my understandable ire, when I say with admirable restraint and no profanity, that since you are not going to take time out to do it right then don’t take your personal flash drives, external hard drives and the like to work and connect them to your computer. As much as is humanly possible keep your personal tech separate from your company equipment.

Keep your viruses to yourself.


Picture © Sophos Germany