I'd like to point at a type of security behavior that is enormously risky. Judicial Watch just released a post that's a major heads-up for anyone: "An epidemic of federal employees watching porn on taxpayer time has reached a new low at one agency where a veteran staffer “viewed child pornography on a government computer on multiple occasions,” according to an audit.
The unidentified employee worked at the Bureau of Land Management, which operates under the Department of the Interior (DOI) and admitted to investigators from the agency’s Inspector General’s office that he viewed adult pornography on multiple occasions though he knew DOI policy prohibits it.
A year ago, a separate DOI employee infected agency networks with Russian malware after visiting thousands of porn sites on his government computer. A forensic examination determined the employee, who was never identified, had an extensive history of visiting porn websites and saving material on an unauthorized drive. In both cases the employees retired and faced no consequences.
The DOI is hardly alone in the ongoing porn scandal. Watching porn on government computers during work hours is so rampant that legislation (Eliminating Pornography from Agencies Act) was introduced in Congress a few years ago to contain the embarrassing crisis.
Porn has for years been part of the job at some government agencies and numerous federal audits have long documented the enraging details of how our tax dollars are being wasted. Judicial Watch has also reported extensively on the topic, especially the porn crisis at the Securities and Exchange Commission (SEC), the agency charged with policing the nation’s financial industry.
While the economy crumbled, the SEC was preoccupied with pornography. In fact, high-ranking managers at the agency regularly spent work hours gawking at pornography web sites on their government computers while the country’s financial system collapsed. We’re talking dozens of SEC employees, including senior officers with lucrative six-figure salaries viewing explicit images on their agency computers during work hours.
Other agencies have also been embroiled in porn scandals evidently making legislation necessary. Among them is the National Science Foundation (NSF), which has been exposed by its inspector general for having employees spend significant portions of their workdays watching, downloading and e-mailing pornography on government computers without ever getting caught." The full Judicial Watch article is here.
I do not have to tell you this type of behavior is fraught with a number of risks, and shows that a LOT needs to be done in the sense of security culture in those organizations. Do everything you can to not have this happen in your own organization. Stepping users through new-school security awareness training is an important piece of that.
Here's how it works:
