A recent Columbia University study found that approximately one out of every two adults (or 46 percent, to be precise) had illegally obtained copyrighted works via the internet. So, unless your firm is very small, or some sort of bizarre statistical fluke, chances are, some of your employees are pirates.
That doesn't necessarily mean that they're non-productive members of society. Time and time again, studies have shown that pirates tend to be the biggest legal purchasers of content; a statistic which anti-piracy groups surely wish wasn't muddying the waters.
The fact that the issue is more gray than either pro- or anti-piracy supporters would have people believe is not an excuse for IT departments to overlook the issue. Yet, a surprising number of businesses do not explicitly forbid at-work piracy in their employees' terms of employment, and do not take proactive steps to ban unauthorized downloads on work networks.
A crucial first step is to ban BitTorrent traffic (unless you happen to be a rare business that requires torrents) among your general user population. Sure, employees could get around that with the proper encryption tactics, but that alone should be enough to deter most of your users from pirating at work.
Second, make it clear that employees are not allowed to have torrent clients on their BYOD devices, and use device management software to enforce that prohibition.
Have a clear-cut series of consequences if employees get caught pirating content on work devices -- either at home or at work. Remember, it's important to be fair, but it's equally important to remove your own potential liability. You don't want your workplace Internet to be throttled, or to receive a settlement threat letter, all because one or two employees couldn't keep their love for piracy outside the workplace.
Clear policies and enforcement will also help prevent embarrassments. TorrentFreak recently released a study which revealed that employees of a variety of major Hollywood studios were apparently downloading pirated games, television episodes, feature films, and adult films from workplace static IPs. If true, these allegation could do serious damage to the reputation of the studios involved, and that damage would have been entirely preventable had the IT staff practiced stricter enforcement.
It's also important for someone to be watching the watchmen, so to speak. Often, the most tech-savvy users are your IT staff themselves. Don't be surprised if many of your IT staff engage in piracy, and don't be surprised, either, to find that some are bold enough to pirate from the workplace. After all, when you police the networks, it's easy to feel above the law.
For smaller companies, financial resources may necessitate blind trust of your IT staff. But larger firms should consider a more robust solution to watching their watchers. For example, have a third party firm audit your IT department. While this won't catch all potential piracy among your IT staff, it should serve as a modest deterrent against the most glaring and blatant examples of piracy.
Last, but not least, larger firms should consider blacklisting not only popular piracy sites (e.g. the various major domains of the peer-to-peer sharing site The Pirate Bay), but also Google searches for such sites. Searching can enable users to circumvent filters by finding mirrors, but if you ban the search, most employees will be unlikely to locate the mirror without extra work.
Your ultimate goal should be to make it as hard as possible to pirate in your workplace, minimizing your liability. Remember, your business is living in a world filled with piracy, and denying that reality is a sure ticket for trouble.
Be tough, yet fair, and let employees know what your expectations are. And, if possible, let your IT staff know that their piracy will also be spotted by independent audits.
— Jason Mick is senior news editor at the independent tech news site DailyTech.