The Wall Street Journal-20080129-Business Technology- Best of the Business Tech Blog - Excerpts from Recent Entries at WSJ-com-s Tech Blog

Return to: The_Wall_Street_Journal-20080129

Business Technology: Best of the Business Tech Blog / Excerpts from Recent Entries at WSJ.com's Tech Blog

Rogue Trades Shed Light

On Security Technology

The unauthorized trades that cost Societe Generale SA $7.2 billion have shined a light on the technology that businesses use to detect suspicious transactions and shady accounting. The lesson: Businesses that rely on these systems to prevent fraud are confusing control and security.

The systems that businesses use to block unauthorized transactions work by preventing the same person from both initiating and approving a transaction. They do a good job of stopping honest mistakes, like cutting a check that's got an extra zero at the end; and blatant, unsophisticated fraud, like trying to send that check to yourself. They also give businesses visibility into the myriad transactions that take place every day, and they're invaluable when it comes to auditing past transactions. (In fact, once Societe Generale detected the fraud, it was able to figure out exactly what happened in a matter of days.)

But these aren't security systems. Security is making sure that only the right people access the right parts of the system. In the case of Societe Generale, security was provided by passwords. And that's how Jerome Kerviel, the 31-year old trader at the center of the scandal, avoided detection at first: He used passwords belonging to colleagues.

Security pros call that one-factor authentication, meaning that in order to access the system, someone needs only one thing. That's considered the weakest form of security. The best security comes from so-called three-factor authentication, which requires you to provide something you know, like a password; something you have, like a security card or other ID; and something unique to you, like a fingerprint, before accessing a system. It's relatively easy to steal someone's password or ID card. It's hard to get both. They make movies about people who crack all three factors.

More security makes accessing a system less convenient. It's also expensive. So businesses often require passwords and call it a day. If there's any good that comes from Mr. Kerviel's alleged escapade, maybe it's that businesses will finally understand the difference between control and security. And maybe they'll invest a little more in the latter.

Telecommuters Make Work Tough?

Studies show that employees who work from home are just as productive as those who come to the office everyday. But working with telecommuters can be really frustrating for everyone else.

Timothy D. Golden, a professor at the Lally School of Management & Technology at New York's Rensselaer Polytechnic Institute, interviewed 240 office-bound employees who work in groups with telecommuters. He found that the higher the percentage of telecommuters in a group, the less satisfied office-bound workers were with these colleagues. A group with just a handful of telecommuters wasn't a problem; a group where half the people telecommuted was a big problem.

Mr. Golden says there are two reasons for this. The first is social: Part of what makes a workplace fun is the small interactions people have in the elevator or at the water cooler. These don't happen as much in offices where lots of people telecommute, for obvious reasons.

The second is more practical: Office workers often have to adjust their schedules around telecommuters, who aren't always available for a quick over-the-cubicle conversation. As the number of telecommuters rises, so do the lengths to which office-bound workers go to accommodate these people. Similarly, Mr. Golden says, office-bound workers end up fielding impromptu requests more often than remote workers.

D.C.'s Crackdown On Porn Sites

Washington, D.C., fired nine workers last week and plans to discipline more than 30 others who were caught visiting pornographic Web sites while at work.

These aren't cases of someone accidentally clicking on the wrong link. The workers each visited thousands of dirty sites. "These employees spent a majority of their time browsing pornographic content," says Vivek Kundra, the district's chief technology officer.

The employees were caught after Mr. Kundra used monitoring software to track what Web sites employees viewed and how often. The district has had a policy against viewing pornography at work since 1999.

Mr. Kundra is glad his information-technology department was able to hold workers accountable, but he thinks the incident highlights the need for organizations to change the way they manage workers in the long term. The Internet makes it possible to work from anywhere. It also makes it possible to waste an entire day in front of your computer. Managers who rely on that old standby face time to determine which workers are the most productive are doing their organizations a disservice. They need to start judging workers on the quantity and quality of their work, Mr. Kundra says.

In the future, D.C. employees who try to visit dirty Web sites while at work will be redirected to a page that shows the city's computer- use policy.