What is the danger of using freemail accounts at work?

Right, but no employer should expect that run-of-the-mill routine never gets disrupted.

I’m not saying this isn’t a concern, of course. If this happens too often, then you’re talking serious money.

I’m just saying that based on this one incident, the “cost” figure is probably a bit disingenuous.

What kind of idiotic security policy allows you to willy-nilly run unknown executables? Unless you are a programmer, there is no reason to. Even then, you can restrict that ability to only run signed executables or for certain programs/directories. Windows has Software Restriction Policy and AppLocker in the GPO for these reasons: Stupid Users. With an SRP enabled, the executable in the e-mail would have done nothing even if you tried running it. Only the Administrators need to have full access to run executables anywhere.

Why not? Most corporate workstations are pretty much identical, and it can be more cost-effective to re-image a box than to clean it. I very much doubt that there were 883 new boxes installed. More likely, a virus-infected box was replaced with a pre-imaged box, then re-imaged and used to replace the next virus-infected box.

Exactly, I’m sure they didn’t have to go down to Best Buy and actually ask for 900 new computers. They reused ones already in their possession.

Gmail won’t let me send executable files even if I zip them first. That is more restrictive than the company I used to work for.

Nowadays, even regular web surfing can be fairly hazardous. It used to be I wouldn’t have a problem surfing mainstream web sites, but now I get infection notices even from the NY Times. I thought that had to be a mistake, but it was on the news the next day.

I just set up a computer for some friends’ kids and I put Ubuntu on it. They already knew how to use Firefox and worst case is all I have to do is reinstall Ubuntu if it is totally FUBAR.

I just read an article the other day about an employment litigation dispute. An employee sued her employer for alleged discrimination, but the employee had pre-litigation email communications with her attorney about the dispute using her personal web based account through a corporate computer.

The employer managed to mine the emails off the computer system she used to access her web based account. One issue in the case was about how to handle the pre-litigation emails in the course of the litigation.

The employer argued that since the emails were on a corporate computer, the emails were the property of the employer pursuant to the stated corporate policy about using company computers.

The employee argued the emails were not company property, were confidential, and were protected by the attorney-client privilege. Although she used a corporate computer, the communication with her attorney was through her own private, password protected, web based account, and company policy did not apply.

The court ruled that, regardless of the fact she used a corporate computer and regardless of whether she used that computer on company time or on company property, the employee had a reasonable expectation of privacy when using her own personal, password protected, web based email account. The emails were privileged and not corporate property.

So, the “security reason” for an employer prohibiting freemail use from work computers is that the company wants to try to maintain full control over all emails on company computers, especially in cases where the employee is using a company computer to communicate with an attorney about suing the company.

I’m not really invested in this discussion, but doesn’t “ownership of email as a hedge in the unlikely event of an employee-initiated suit” seem a little narrow in light of the already stated firewall concerns? I’m not saying it’s definitely NOT a factor, but it hardly seems like a major one.

change:

“the security reason” to “one possible security reason”

Where I work the firewall issue is the primary reason for blocking access to online email services.

However, it is also corporate policy that no email can be kept for more than 60 days (unless an extension is requested, and no email can be kept for more than a year period) unless you’re in an area with certain regulatory requirements.

So a secondary reason for the ban is to prevent employees from using Gmail etc. as a way of circumventing that rule.

The same primary/secondary goals are the reason the USB ports on our computers are also disabled.