Computerworld - We've seen it before: innocent and unsuspecting organizations that have their networked computers hijacked for use as pawns in attacks against other companies' networks.
But what about when such hijacking can be averted? Is it the middleman's responsibility to prevent further dispersal of attacks? When a hacker sends a virus and/or infiltrates a system and then uses that system to break into or infect other systems, does it result in potential liability for the victim? Downstream liability is recognized as failure to secure, warn and prevent such propagation.
If your organization's computer systems are infected with a virus that's further dispersed by your employees, are you liable for damages that result? You can be if your organization was made aware of the virus's presence, for instance, if a savvy staffer runs antivirus software and discovers it or if you're notified by one of the recipients of your infected e-mail. This awareness may cause your organization to receive blame indirectly.
Once a user or an organization is made aware that its system has been made the pawn in furthering the spread of a virus or infiltration (through being hijacked), it could become a target of legal action for having had a hand (even though not intentionally) in spreading the virus.
Certainly, an organization is negligent if it's notified that its system is being used as a launch pad for spreading a known virus and doesn't take steps to prevent further infections. While the virus writer is the one directly responsible for creating such viruses, the organizations suffering losses can be held liable for the resulting damage. An organization is more apt to have assets and resources from which litigants may recoup damages, as opposed to a hacker, who is more likely an adolescent or someone with few assets.
Aside from the ethical concerns connected with downstream liability, organizations must take into account their legal obligation to keep their systems secure. Depending upon the state in which the organization is located, there may be laws governing statutory requirements, liability avoidance and legal facilitation of prosecution for unauthorized access and use.
In an effort to protect themselves against such liability, organizations have to use appropriate antivirus defenses. With liability decided at the state level, organizations are left in a quandary, since downstream attacks can happen virtually anywhere across connected systems, without regard to traditional boundaries or borders.
In short, an organization's information systems must be kept secure, not only from a legal standpoint, but for their commercial dealings as well.