Sicherheit
The Pirates Among Us
How to Protect Your Company
So how seriously should you take what the entertainment industry is doing? Not as seriously as they might like you to, but you need to do something. Organizations that allow illegal files to be stored on their hard drives could indeed open themselves up to millions of dollars of potential liability. So far the entertainment industry - perhaps assuming that companies have their own incentives to try to keep out hackers - has been sympathetic to organizations that inadvertently let hackers into their systems. But the industry is harder on organizations that look the other way when it comes to illegal employee activity. For them, liability is a way to provide that incentive - and prosecuting individuals won't get them far. "If someone has a stolen copy of Shrek that they're serving up to the world, the studio is not going to go after the person; they're going to go after the corporation," Bauer says.
But keeping your company from being hauled into court won't be the most difficult issue you've ever tackled. "The most important thing is having a policy," says Tsvi Gal, senior vice president and CIO of Warner Music Group. "Issue a policy stating that your organization opposes the illegal infringement of copyrighted files and that a person caught doing it on company assets will be subject to discipline. If people understand that it is wrong and that there maybe steps taken against them, they will probably cease doing this."
Drake's policy, for example, states that it's not acceptable to "violate the federal copyright law by downloading copyrighted audio, video, graphics or text materials from the Internet without proof of proper licensing arrangements." The policy warns that rule-breakers may lose computing privileges, be suspended or expelled, and will beheld liable or prosecuted under state or federal statutes.
Following up on that policy is key, attorneys say. "The worst thing to do is to have a policy that sets a standard that you never enforce," says attorney Bruce Keller, a partner at Debevoise & Plimpton and a leading expert on copyright law. "You've defined the standard to which you're going to hold yourself."
A few technical steps can help enforce the policy. In addition, there are other incentives for doing so. By their very nature, P2P services have security risks. Employees may be inadvertently "sharing" more than they realize and making sensitive documents available publicly, or they may be downloading files that contain viruses and worms. Stopping it can be to your advantage. What's more, cutting down on illegal file-sharing can go a long way toward freeing bandwidth and disk space to be used for other - more productive and legal - activities.