The Danger of Overreacting….

Matt Keil



There is a somewhat erroneous assumption that the web provides anonymity – in particular when someone is posting a comment on an article. And then there is the old saying that knowledge is power. The challenge some people face is what to do with it.

Case in point. A St Louis Today reporter posed an open-ended question and did not like one of the more vulgar responses, no doubt posted due in part to the “anonymous” nature of the web. But rather than let it go, the poster was “outed” to the employer and summarily fired. This is a perfect example of a little knowledge (the identity of the anonymous poster) used in a manner that most would view as an overreaction. So the question we have to ask is this – would either of these reactions (the post and the retribution) be made in a face-to-face meeting? I don’t think so.

Let’s switch gears now. Our customers are deploying a next-generation firewall that gives the security administrators detailed information on the applications traversing the network, who is using them and the potential threats they pose. The administrators face a similar dilemma of how to use the newfound knowledge they now have at their fingertips.

One extreme is to blindly block everything that is non-business related. Doing so may conserve bandwidth and improve security a bit, but it will also damage morale and force users to try to find ways around the controls. Most importantly, blindly blocking will slow company productivity because personal applications like IM, webmail, Google Docs, Twitter and Facebook are being used for work purposes. The other extreme is to monitor and blindly allow everything. This too is going to hurt the company's bottom line, but for different reasons.

The right approach is to work with the business groups to determine usage policies based on the newfound knowledge, educate users on the new policies and then enforce them. And it should be done in a face-to-face manner – where possible. If for no other reason than to avoid overreacting.

http://www.stltoday.com/blogzone/talk-of-the-day/talk-of-the-day/2009/11/whats-the-craziest-thing-youve-ever-eaten-and-did-you-like-it/

http://arstechnica.com/web/news/2009/11/paper-outs-anonymous-commenter-job-loss-ensues.ars
