Organizational Countermeasures to Prevent IT Misuse

Abstract

Computers continue to play a significant role in one’s everyday lifestyle and have impacted the business world since 1945 (Lessing, 1954). Through the research conducted, it was revealed that the innovative changes in technology has benefited the business sector, however, there remain areas in which still need to be addressed. Computer waste and mistakes impact organizational operations by misusing computer systems and creating additional security risks that businesses fail to identity due to not having proper methods in place. In addition, employees use company time to personal enjoyment such as surfing the web which can lead to security violations. Others do not follow proper procedures, leading to mistakes that cause companies thousands of dollars’ worth of damages. By addressing these issues, one can implement effective tools or policies to prevent organizations from misusing IT systems. 

Background

Major causes of computer problems that contribute to unnecessary excessive costs for businesses and creates an additional loss of profits are due to misuses in information technology and mistakes that occur within the organization. Digital computers went into operations in 1951 and have since advanced to smaller electronic computers used in industries for more than data entry information. Programs were developed to meet the requirements of the organization and adapt to the changes needed to become effective for the organization’s goals. Companies replaced old methods to implement computers so that problems would decrease, and accurate calculations can be made. However, with the adoption of modern technology, training and uses of technology placed a significance in how organizations operate. (Schmidt, 1960)

During the launch of computers, people saw them being utilized mainly for research and to perform rapid calculations due to the advanced quantitative methods they were programmed with. Depending on the type of company, the initial impression computers possessed was that for routine data or to maintain reports. In addition, at the startup of utilizing computers, the cost was high because of the training, installation, equipment upgrades, and creating standard procedures of tasks. This began the innovation that management needed to combine their skills and reasoning to the quantitative system for their different departments. The adaptation of computers to business was not easy to accomplish. The less standardized models and specific input-output devices were added to meet the need of the organization (Lessing, 1954).  As time continued, new models were released, and new systems were implemented. This caused businesses to race with the newest systems in order to compete with other businesses. The automation systems became customized to fit the need of the company goals and then lead to privacy settings for some systems to prevent modern hackers from accessing. However, issues and errors continued to occur, and companies began to lose profit and productivity compared to before the systems were used.

Computer Waste in Organizations

As the adaptations were being made to add computers to the business operations, systems had errors or glitches causing them to be risky with information (Bennett, 2017). This lead to shadow systems which was duplicating the information but costing twice the time. Also, this can create overcommunicating the same information over email such as including irrelevant information in emails that can be accessed through databases and other asking questions about information that was already addressed in previous corresponds.   In addition, no restrictions were applied to employees, causing there to be a loss of company time to accomplish personnel matters on the web (Conner, 2012).  Furthermore, by employees accessing unauthorized websites, it can lead to securities leaks and legal implications can occur if the wrong information is hacked or stolen (Davis, 1976). This raises concerns to the public and government officials due to mishandling vital information and failure to maintain the records can expose individual privacy, release inaccurate information, and create fraud worldwide. 

Another example of computer waste in an organization is employees spending time playing computer games, sending personal emails, and surfing the web. This not only wastes the company’s money and resources but also reduces the level of productivity in the office. Studies show that 60% of workers check their Facebook and Nielsen found 25% of working adults viewing pornography on a computer while at work (Stair & Reynolds, 2015). Employees using computers for their personal reasons increases the levels of risk in regard to privacy and company information leakage. Hackers can reach out to company’s employees and manage to get basic information to access important information that will affect the organization and cause it to lose profit.

Computer-Related Mistakes

 Companies can spend time and money to develop programs to meet the needs of the company but the program itself may have flaws that can cost the company if not caught early on. In addition, as the organization continues to grow, an increase of mistakes can occur by lack of training or lack of feedback to address those mistakes. Computer mistakes can be user error or programming error; however, it impacts the business in a negative way. Examples of mistakes and how its impacted businesses include security vulnerabilities and misconfigurations (Dias de Oliverira, 2011).

Due to the technological advances in the computer field continue to rapidly change in short time periods, organizations at time enforce an idea that is still in the experimental stages. The experimental setup can create errors for both users and programs if the correct idea is not presented in a proper form. Companies do this to monitor the infrastructure of what works and what is not suitable for the company. This method consists of a lot of risks but has been done in the past with companies trying to launch programs to better compete with their competitors (Dias de Oliverira, 2011). An issue that arises from this stage is how the information technology will affect management jobs and what issues will the management have to face with its employees and the computers according to Whisler (Shultz & Whisler 1961).

However, humans are prone to making mistakes, especially if certain factors are considered such as stress, lack of sleep, and distractions. The performance of an employee affects the productivity of the company and how the employee performs their daily tasks will be shown in their work performance. Operators mistakes can cause major setbacks if not addressed in a timely manner and can move the company backward if the repairs are not done. Employees can be at fault without even being self-aware of their own mistakes. In addition to the errors, if users are not trained properly, it may lead to errors that could have been prevented with proper guidance. The user’s ability to perform the task accurately will depend on how familiar they are with the software or program itself.  Federal agencies reported an estimated $106 billion in improper payments from 84 different programs that either made wrong payments or not supported by the proper documentation (Stair & Reynolds, 2015). Errors made by employees can be corrected when they are aware of the mistakes. Employees can develop a system of management inspecting the work of new employees to check they are performing correcting, however, this begins to lead back to double working if the same task is completed twice. Supervisors can also oversee error by mistake which does not solve the same issue occurring.

Employees can have a different approach to the situation as well. An employee that was fired or let go from their employer can seek to gain revenge by deleting data from the employer’s computer discs. (Wasik 1991). The misuse of the systems leads to additional problems for the company such as employees having access to information that could affect the operation of the business and even leak information that is viewed as sensitive.

Countermeasures to Prevent IT Misuse

By implementing policies and procedures, organizations can ensure that systems are being utilized to their full potential, in addition, to limiting control rights to reduce misuse risks. Most organizations use information systems for their daily functions and apply the appropriate updates needed in order to enhance the systems to operate at optimal levels. Also, by identifying the common errors, the establishment can control and prevent those errors from becoming consist issues in the future.  Security Policies implemented by an organization should prevent and detect misuse of information and should include an incident-handling plan should employees encounter situations outside of their scope of training. The policy needs to limit access of data and have severe consequences, including legal action, should the information be leaked or tampered with in order to protect the company and its resources.  Also, the company can set restrictions and implement certain software access needed for the employees to complete their taskings and set those limits within the security policies.  

In addition, organizations need to make sure they don’t neglect physical security regardless of the type of infrastructure they reside in. Majority of problems transpire because of failure to uphold computer security and individual privacy. By detecting these areas and addressing different approaches to fix them, companies can ensure only authorized personnel and information are being accessed. Regulating the information and keeping accurate records of who accesses the information will reduce the probabilities of fraud or other mistakes from occurring. Companies can assume that having a gated enterprise protects them from outsider threats, when in reality some of the biggest threats come from within the organization and can serve in a management level position or even one of the cleaning crew. Anyone who has access to the computer network, unsecure filing cabinets, post-it note passwords on monitors, and even unshredded documents can gather vital information such as passwords or plans to future projects. These physical securities can lead to serious levels of misuse if not properly addressed so employees know to secure their systems and information.

Organizations need to consider screening new employees in depth prior to entering the organization in order to prevent future misuse of data and reduce risks of potential harm this person may create towards the organization based on connects or main goal. If employees do not have the appropriate level of clearance in an area, they should not be permitted to have access to information which would need to be verified in a in depth background check which could be time-consuming but well-worth it in the end. 

The use of strong authentication is vital to the organization and the individual as well since password-cracking technology has advanced rapidly. By implementing two-factor authentication or even biometric authentication, it protects individuals from threats trying to use their personal identity and has to require multiple methods to enter the data or network which most threats would not be able to break into. Multifactor authentication does not prevent IT misuse entirely but assist in hardening the system, so threats have a challenging time trying to enter the network.

5. Secure desktops

Most organizations today utilize host-based systems while other rely on network-based systems that have LAN sniffers. By segmenting LANs in a large network, one is able to monitor for alerts and its own zones are segregated by firewalls, which can lead to a trusting network. Sensitive information can still be leaked through emails or messages if not properly addressed, however, by adding a feature like intrusion detection systems, which scans for unique phrases that can alert one of suspicious activities.  In addition, tools such as SealedMedia and Authentica’s Recall series restricts the distribution of documents on a network which assists in preventing vital information from being leaked.

At times, some of the biggest threats are within one’s organization since they have the ability to access the information and at times are not careful with covering their tracks compared to an outsider. In addition, some organizations do not properly organize their event logs, firewall logs, or Unix syslog which are major disadvantages for the business since threats could be releasing materials without the organization’s awareness. By investigating anomalous activities, organizations are taking steps to mitigate risks and prevent misuses of systems by observing logs that may not be normal for its daily operations.

Administrators need to take into account of focusing on perimeter tools and strategies to increase security postures for the network. At times, organizations do not invest in these tools due to an increase in cost however it is well worth putting these internal patches on the LANs and securing host by eliminating services that one does not use. By locking down configurations, one limits the access of the network and increases security for the organization. 

Lastly, monitoring employees for misuse is important since that is a major threat that can be minimally observed. However, limits are applicable since legal monitoring falls under some of the organization’s jurisdiction. Employers need to analyze how laws and civil government play a factor in how much their employees could negatively affect the company if they had malicious intent (Wasik 1991). Certain limitations can be place like blocking hacker tools, pornography, social media sites, competitors, and other sites since it can fall under the policies set in place for all employees. Implementing the policies can be simple as a firewall or limiting the access of URLs. Auditing can safeguard the organization is abiding by the privacy legislation and it allows them to protect their privacy in their financial archives from being released to the public. The third-party entity can assist the organization by recognizing areas they are needing more attention in. Audits can emphasis on varies areas, not just one specific set of records. These evaluations can find areas that need improvement in and find leakage that the business was not aware of.  For instance, if supervisors are failing to examine the work performance of their employees, it will be expressed in the audit if certain areas do not look up to standard. Some organizations also monitor their employee’s systems to see the daily logs of activity. These logs helps the organization study the overall productivity of their workforce. In addition, the logs allow supervisors to see if any employees are not abiding the company’s policies set in place. This may create a level of distrust with the employees since they are being monitored their entire workday but by setting boundaries, employers will be able to observe employees without breaking a level of trust the worker has with its supervisors and the company brand itself.

Significance of Why Organizations Should Apply Preventive Methods

The importance of adding the policies and procedures will allow businesses to enhance their performance, decrease costs, increase productivity, and improve customer service as a whole. This way the company is gaining benefits from using computer-based systems in their daily functions to operate their business and no longer lose time or productivity as these policies are continuously enforced. The internal functions of the organization determine the growth of the company and can affect the level of customer service given to the public. Every organization has a goal to continue growth and to better serve the customer or client. The main factor that affects this is if the system or method the company uses has a solid foundation and can be adapted to the future challenges the company will face. With the goal in place, utilizing the correct technological advances, the organization will be able to compete with others and meet the needs of their customer base. This will impact not only the company and the client but will affect the economy as well. Businesses, whether small or big, affect the growth of the economy and how effective they must be to remain competitive with the rest of the world.

By including the importance of how computers affect businesses in this new age of technological growth and dependency, organizations are able to remain competitive and modern with the globe (Agar, 2006).  Computers play a major impact on how business is conducted in this generation that it would be impossible to accomplish certain activities without a computer in business. Applying computers is supposed to reduce cost and improve productivity by making the task simpler. Also, policies will enforce what steps employees need to make if updates occur, what they are allowed to do on the systems and how to incorporate productivity skills for the organizational goals in place. The policies serve as a guideline for both new employees and current employees who need a form a reference. By striving to prevent waste and properly educate the users on the appropriate functions to use on a company system, it will help reduce mistakes that cost companies thousands of dollars to repair. These policies can also include proper procedures for discarding old company equipment and utilizing modern technology to better serve the employee as well.

Conclusions

In conclusion, computer waste and computer-related mistakes are a daily issue many businesses come across as they implement new systems and technologies into their daily work tasks. By addressing the issues and providing the proper training to employees, the organization is able to make changes in order to increase efficiency and create a system that cuts time by utilizing information systems to accomplish the functions needed for the organization. Policies that are shaped to the organizational goals can better connect with the vision the company has set and it enables the users to understand their roles as employees. The possibilities computers can perform in business are endless with the proper policies implemented and enforced to prevent errors and protect the privacy of the organization. In addition by using the current laws in place, proper legislation can protect the companies and also set boundaries as to what the organization is allowed to do when it comes to the privacy of its employees and the wellbeing of the organization.

References

• Agar, J. (2006). What Difference Did Computers Make? Sage Publications Journal, pp. 869-907.
• Bennett, M. (2017, Mar 10). Top Eight Ways Businesses are Wasting Time and Resources.   Retrieved from The Telegraph Business: http://www.telegraph.co.uk/business/ready-and-enabled/how-businesses-are-wasting-time-and-resources/
• Conner, C. (2012, Jul 17). Employees Really Do Waste Time at Work. Retrieved from Forbes: https://www.forbes.com/sites/cherylsnappconner/2012/07/17/employees-really-do-waste-time-at-work/#3daa26265e6d
• Davis, R. M. (1976). Implications of Privacy Legislation on The Use of Computer Technology in Business. Jurimetrics Journal, pp. 95-110.
• DeLone, W. H. (1988). Determinants of Success for Computer Usage in Small Business. MIS Quarterly, pg. 51-61.
• Dias de Oliverira, F. A. (2011). Towards Mistake-Aware Systems. ProQuest, 1-141.
• Lessing, L. P. (1954). Computers in business. Scientific American Vol. 190 No. 1, pp. 22-25.
• Schmidt, R. N. (1960). Management and the Electronic Computer. The Journal of the Academy of Management, pp. 167-173. Retrieved from
  http://www.jstor.org.tamuct.idm.oclc.org/stable/254522
• Shultz, G. P. & Whisler, T. L (1961). Management Organization and the Computer. Technology and Culture Vol. 2 No. 2, pp. 193-196. Retrieved from
  http://www.jstor.org/stable/3101428   
• Wasik, Martin (1991) Crime and the Computer. The Cambridge Law Journal, Vol. 50, No. 3, pp. 540-542. Retrieved from
  http://www.jstor.org/stable/4507592