Communication

Using organization’s devices and network for private communication is neither appropriate nor ethical if the organization have clear rules to prevent it. On the other hand, even if it is allowed by the organization, it increases potential risk for viruses and leakage or loss of organization’s information. Each of the three situations described differ in terms of ethicality and the level risk it exposes to the organization’s network. In most organizations the use of its network in personal communication is not allowed and they have rules to penalize in case of their occurrence.

In the first situation, in my opinion is the more critical than the second but less than the third, this because using organization’s network during office hours adds the risk of less productivity because instead of concentrating and dedicating his time and efforts to serve the company, he is spending his time in non-work related stuff, which is affecting the outcome of their work and will lead to lower productivity. In addition to that he exposes the corporate network to perform less effectively, he is consuming the corporate bandwidth with non-work related traffic, regardless of how minimal the traffic could be, still the network bandwidth will be affected. For example, in our organization we have a network link, which connects other branches, DR site, ATM machines and a lot more. As well the same link is used for the main office Internet access, if employees consume the bandwidth in non-work related tasks, it will eat up the bandwidth and it will affect the organization financially.

Another risk could be exposed by the first situation, which is shared with other two situations, is the risk of exposing organization’s network to viruses, Trojans, malwares and so on. This could lead to information leak, and compromising sensitive data, or the virus might be destructive to the PC itself, his could lead to re installing of the PC and that could lead to not producing for a full day, which most probably will affect the entire network and not only that employee’s device.

The second situation exposes less risk when compared to the first, the risk can be in exposing the organization’s network to viruses and Trojans, which might lead to loss of sensitive information, well it overloads the network with unnecessary bandwidth than could affect the organization’s services, such as official website, internet banking services, connection with remote branches as so forth.  Both situations can be controlled by the organization using spam filters, corporate antivirus systems, and security devices to monitor and block unnecessary traffic.

The third situation is different from the two above, and its added risk relies in the lack of control from the employer, the potential of having viruses, Trojans and malware increases. Most probably the employee will have access to install unsupported applications, and peer-to-peer clients, which increase the risk of being affected by viruses. In this case, like other two situations, risk of overloading companies network with unnecessary traffic and risk of exposing organization’s information is high as well. Although, the technology since a couple of years back, forces the teleworker to update his anti virus system and operating system patches before he is authenticated, but this is not used by most of the organizations.

Reference:

Adams, J., (2006), 'Personal Email Use at Work Creates Big Security Risks', Bank Technology News, 19, 12, p. 21, Business Source Premier, EBSCOhost, [Online].

(Accessed 27 May 2011)

Ball, K., (2001), ‘ Situating workplace surveillance: Ethics and computer based performance monitoring’, Ethics and Information Technology, Computer Science , V2, I3, pp. 209-221, ISSN 1388-1957, doi: 10.1023/A:1012291900363, Url: http://dx.doi.org/10.1023/A:1012291900363 ,Springer Netherlands, [Online]. (Accessed 27 May 2011)

Mason, S., (2005), ‘Email and compliance’, Computer Fraud & Security, Volume 2005, Issue 12, December 2005, Pages 8-11, ISSN 1361-3723, DOI: 10.1016/S1361-3723(05)70284-0, ScienceDirect, [Online].

(Accessed 27 May 2011)