If you work in IT, chances are you spend the majority of your time thinking about technical issues. After all, people call the IT help desk for help with technical problems. But like it or not, you as an IT worker are immersed in a world of information, some of which is legally protected.
For example, if you work for the IT department of a hospital, you have to comply with the regulations that fall under the Health Insurance Portability and Accountability Act (HIPAA), as well as the provisions of the Health Information Technology for Economic and Clinical Health Act (HITECH Act), or you risk major legal problems.
If you handle personal employee information, such as employee Social Security numbers, you have to have policies in place for protecting that information. It’s important that you do your part to ensure that your IT help desk doesn’t inadvertently break the law. Here are a few situations to watch out for.
Improperly Licensed Software
According to Microsoft, it is not uncommon for educational institutions to inadvertently run improperly licensed Windows software. Microsoft does provide ways to properly license software if, for example, the organization purchased PCs without genuine Windows software, or installed a Windows Upgrade under a Microsoft Volume Licensing program without qualifying for it. The penalties for using unlicensed or improperly licensed software can involve corporate and personal fines, and sometimes even jail time. A comprehensive, up-to-date asset management solution is the key to avoiding problems like this.
The Disgruntled Fired Employee
Fortunately, the unhappy insider who takes out his or her frustrations using the company network is rare. But it does happen, and it’s important that your IT help desk understand how to prevent such problems. It’s traditional for employees to be given a two-week notice for termination, which means two weeks of an unhappy employee who is probably not going to spend those last two weeks being productive. Some companies cope by terminating an employee’s network access as soon as he or she has been notified of termination, rather than taking a chance on that person having a couple of weeks of unfettered access coupled with a bruised ego.
Improperly Configured Email Servers
Could your email servers be inadvertently propagating spam? Spammers have been known to create messages in which the address that actually originated the spam is not the same as the return path, which contains a forged name. When your system doesn’t verify that the return address actually belongs to the sender, your email server can become a co-conspirator with the spammer. In other words, if your email filters are not configured correctly, you could unwittingly be using your email gateway to re-broadcast the spam. Your IT department has to do everything reasonable to validate email sender addresses to avoid this problem, which violates the CAN-SPAM Act of 2003.
Unwitting Violation of State and/or Federal Laws on Network Access
Here’s an example from Texas. Penal Code Section 33.02, Breach of Computer Security, says, among other things, “A person commits an offense if the person knowingly accesses a computer, computer network or computer system without the effective consent of the owner.” This and similar state laws also encompass connecting to unsecured Wi-Fi networks without permission. The problem arises when you or another employee chooses to get onto your neighbor’s wireless network (perhaps the one you can pick up from the coffee shop downstairs) in order to surf the net and get to sites blocked by your employer. The federal version of this law applies to “protected computers,” like those used by the government, banks, or those affecting commerce. Believe it or not, people have been arrested for sitting in a coffee shop parking lot and using an unsecured network that was intended for “customers.”
Avoiding Legal Problems
One of the best ways to avoid legal problems in your IT department is to have a robust asset management program in place. When you know that all equipment and software have been inventoried, and that you will be notified when licenses are about to expire, you can be confident that you’re doing what you can to avoid unlicensed software. An asset management solution can also alert you to employees who will be leaving, so that you can promptly remove their network access and avoid “disgruntled employee” problems.
Your web help desk software should make your company’s policies on things like blocked sites clear, so that employees know that hopping on an unsecured network can’t be tolerated.
All these tasks are made simpler when you choose IT help desk software as a service. When your help desk is powered by SaaS, you and everyone else in IT are always using the same version — and the latest version. Upgrades are seamless and end users will always be using the same version of the software that you are.
It’s just one more way to keep your IT help desk operating above board and legally.