CSO

While this old chestnut is reasonably accurate in most instances, there is one area where possession constitutes ten tenths of the law.  That area is possession of certain types of illegal materials.  Under the law, possession of copyrighted materials, child pornography, hacking tools, and similar items in and of themselves could create substantial liability and risk to businesses.  In some instances, liability is “strict,” meaning the business could be responsible, even if one of its employees loaded the materials onto the business’ systems without its knowledge. 
 
Now, more than ever, businesses need to be concerned with what employees are putting on their systems.  Downloading pirated music could give rise to an audit by the Recording Industry Association of America.  Possession of child pornography could result in the business’ entire computer system being seized.  The list goes on.
 
Most recently, we have found employees (non-tech employees) spending time experimenting with the many easily obtained “hacking tools for dummies” available on the Internet.  Possession of this crimeware could expose businesses to further risk and liability.  Consider the exposure flowing from an employee using these tools to create a virus that is propagated from his or her employer’s systems.
 
In all of these areas, there is no 100% solution, but businesses must be vigilant.  They must adopt appropriate computer use policies to address these issues.  They must configure their firewalls and other systems to limit downloads of executable files and MP3’s and other frequently pirated media files.  Most of all, they must adopt and revise those policies and security protocols as new risks are identified.  While no business can achieve 100% compliance, they can establish reasonable diligence in addressing the problem.  That will go a long way to reducing the potential risks and liabilities that can flow from these activities.