Employees can unwittingly introduce malware throughout the enterprise by loading unauthorized software from portable
storage media or by downloading it from the Internet. Although it may not be malware, unauthorized software developed within the enterprise can create customer relationship, legal, regulatory, and other
problems.
• When employees use alternate means of handling company information that bypass protections, such as
instant messaging or autoforwarded email, they unknowingly jeopardize the network and the enterprise.
• Keeping application and security software current and universal, using application auditing and Web filtering software, and establishing a regularly updated and highly visible software/IT assets usage policy are the best
ways to address employees’ unintentional but risky misbehavior.