Today, people are constantly fighting for their online privacy. There are concerns about what information websites, broadband providers, and social networks are storing about users and visitors. And many are concerned about privacy invasions and spying by government agencies.
But there’s one area where most people don’t think about privacy too much, and that’s at work. And that’s because this issue has been settled for a while. When using the web, email, or other services at work, there really isn’t much privacy, especially from the IT workers tasked to support and protect these business systems.
Recent research from security vendor AlienVault talked about how IT workers often see embarrassing data and information about their co-workers in the course of doing their job. And this often includes executives of the businesses in question.
This makes a good headline, and probably had more than a few people rethinking their worktime computing activities, but to anyone involved in IT support, this is basically a “duh” moment. Of course IT has access to embarrassing information about co-workers. It’s their job to track and snoop on the network, email, and systems used.
Let’s start with email. Many businesses have an email gateway in place, or have similar services from their SaaS provider, that scan all inbound and outbound emails. This is done for security reasons (to prevent malware, spam, and phishing attacks), but is also for compliance and to prevent loss of sensitive information. These systems can scan the content of emails for words like “sensitive information,” “spying,” and “invention,” and then put them in a zone where IT workers can check to make sure a user isn’t selling information to the competition.
But these filters often grab a lot of innocent email, which means IT is scanning lots of innocent, and sometimes personal, messages.
Then there are web filtering systems. They are designed to prevent users from surfing for porn, or other questionable web content, while on business systems. Sometimes these also block other sites, including medical information sites, which means that a worker looking up symptoms for a potentially serious disease may accidentally expose this information to IT.
And then there’s the work of IT staff to repair and restore worker systems. This means direct access to a user’s laptop, which often has lots of personal information, photos, and other files on it.
So what’s a privacy-concerned worker to do today? Well, one, understand that work systems and connections are just that — work systems. They don’t belong to you, so don’t do anything on them that you wouldn’t do in front of other people. Most of us have mobile devices with fast connections — use these if you need to do some personal email or web surfing.
However, there’s also a lesson for IT here as well. It’s inevitable that, in the course of your day-to-day job, you’ll come across something that might be embarrassing for a co-worker. But that doesn’t mean you should share it with your buddies in IT, or store it away to potentially use against someone.
Good IT support practices mean that, the second you realize something is personal, and isn’t a threat to company security, secrets, or compliance, then you should move on.
Because if you wouldn’t want co-workers sniffing through your personal correspondence and files, then you definitely shouldn’t do it to them just because you can.