Eight reasons why companies address child sexual abuse material in the corporate environment

Eight reasons why companies address child sexual abuse material in the corporate environment
26 January, 2021 NetClean
In Child protection, NC Report 2020

Eight reasons why companies address child sexual abuse material in the corporate environment

Businesses are taking a stand, pointing out that their primary reason for installing software to detect child sexual abuse material (CSAM) comes from a desire to act ethically and to help safeguard and protect children.

In our NetClean Report COVID-19 2020, which is released today, we looked at the reasons behind why businesses decide to protect their IT equipment and environment from child sexual abuse material (CSAM).

The single most important driver for protecting the IT environment and IT equipment from CSAM is, according to the interviewed businesses, informed by a desire to operate ethically. In this case to safeguard and protect children.

CSAM is however a complex issue which, if found in the IT environment, can impact on the business as a whole. It is therefore important that all stakeholders throughout company departments are invested in this issue.

To get a deeper understanding of what drives different stakeholders, we interviewed decision makers from different departments to learn why they think it’s important to protect corporate IT environments from CSAM.

1. Ethics

Companies that include ethics in their core values are increasingly choosing to address CSAM. In this they act as good corporate citizens, and they show that they can act outside of just the corporate interest.

2. Sustainability and CSR

Preventing the spread of CSAM is a sustainability issue, and many companies now recognise that detecting and reporting this material to the police is a way to show corporate social responsibility.

“Child sexual abuse is a child rights issue and we can contribute to the Sustainable Development Goals and to safeguarding children. Therefore it is logical to have this on the [business] agenda.”

3. Compliance – policy

Policies that in different ways state that criminal behaviour will not be accepted are commonplace. The most commonly mentioned policies are IT policies, Codes of Conduct and Sustainability policies, which all can govern that using company IT equipment to access child sexual abuse material will not be accepted in the workplace.

“My role is to make sure that our employees use our equipment the way that it is meant to, and to act on all misconduct.”

4. Compliance – risk

Criminal behaviour is a risk to companies. Therefore it makes sense to have routines and control measures in place for CSA crime as well as for other types of crimes. Detecting child sexual abuse material in the business IT environment is a means for companies to manage risk; it provides capacity to manage the problem and control the situation.

“Someone who exhibits this type of behaviour has probably progressed quite far into building that behaviour, and could have other problematic behaviours as well. This means a risk that the individuals engage in other inappropriate or illegal activities.”

“Child sexual abuse is a child rights issue and we can contribute to the Sustainable Development Goals and to safeguarding children. Therefore it is logical to have this on the [business] agenda.”

5. IT security

Security risks weigh heavily on decisions to protect IT environments from CSAM. One is the risk that employees who engage in criminal behaviour pose to the company (as mentioned above). The other risk is about risk to the IT environment. When IT equipment is used to download, view or share this material, it often exposes devices, and the IT environment, to different types of IT security threats, such as malware, trojans and different types of viruses. It can also leave traces that could lead back to the company.

“Every limitation of IT security risk is important, and this is a good complement and layer inside of the perimeter protection.”

“We work in an industry which is very exposed to security threats. If we have individuals that engage in this type of behaviour in our company, then we have a security risk.”

6. Brand protection

Acting on CSAM is a way of taking control of the issue, managing a risk and protecting the brand from potential damage. It is a possibility to build the brand, either from a sustainability perspective, or as employee/employer branding, and it shows concrete action towards achieving the Sustainable Development Goals.

“In one way this may draw attention to the issue, but it means we’re in control of the information and can demonstrate positive action instead of reaction.”

7. Human Resources

Companies have to work both to ensure that they are an attractive employer, while also take action when employees exhibit problematic behaviour. Detecting CSAM in the IT environment fulfils both these tasks – driving ethical behaviour while also ensuring that they only continue to work with employees who share their core values.

“It is important for us to be a good employer. We want employees that share our values, function well, and feel safe in the workplace. If we can do simple things like making sure that we don’t have employees that consume child sexual abuse material, then I think we should.”

8. Legal Considerations

There is no external legal requirement on companies or organisations to protect their IT environment from child sexual abuse material (CSAM). There are however a number of legal aspects that companies need to consider, and a number of laws that affect an implementation of software to detect CSAM. By actively working to prevent CSAM from appearing in the workplace IT environment, businesses add a framework (compliance) to deal with the issue if it appears.

Addressing CSAM: Security, sustainability and attractive employers.

The COVID pandemic has moved a lot of people out of the office setting into working from home. This in itself has brought new aspects to IT security. Companies need to look at how they secure IT equipment in this new environment, and while IT work to secure it, all stakeholders in the company should unify to ensure that the technology that is owned by the company and used by employees does not facilitate CSA crime. It’s an ethical stand that companies and their employees can be proud of. And, it is these types of companies that attract the brightest and best employees, and so protecting the next generation of employees is an ethical standpoint that favours the businesses.