Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Administrative Investigation, Improper Use of Web-based Collaboration Technology, VA Office of Info Tech

Office of Inspector General Office of Veterans Affairs – Report Number: 13-03054-463 – Redacted – 8/17/2015.
“VA employees improperly used Yammer.com, a Web-based collaboration technology, which was not approved or monitored as required by VA policy. Further, the website had vulnerable security features, recurring website malfunctions, and users engaged in a misuse of time and resources. Although One VA Technical Reference Model (TRM) approved, with constraints, the installation of Yammer’s Notifier, a Windows desktop application, use of the Yammer social network was not VA-approved for employee use. Further, it was not only promoted by VA employees, but it was used and showcased in June 2013 by the former Executive in Charge of Information Technology (IT) and Chief Information Officer (CIO), for an open chat forum, as well as in a June 2014 CIO Message reminding employees to comply with VA Directive 6515 when using Yammer, giving the false impression that VA approved the use of Yammer.com. The Yammer website did not have an administrator or system set in place to ensure removal of former VA or contractor employees and the relatively simple process to post to Yammer not only made VA vulnerable from user uploading, on purpose or accidentally, personally identifiable information (PII), protected health information (PHI), or VA sensitive information, of which any current or former employee remaining active on the site would have access. Yammer users violated VA policy when they downloaded and shared files, videos, and images, risking malware or viruses spreading quickly from the site. Further, Yammer regularly spammed and excessively emailed users, as well as VA employees who had no interest in joining the site, and users were unable to remove the Online Now instant messaging feature, resulting in every user violating VA policy simply by logging onto the site. There were numerous user posts that were non-VA related, unprofessional, or had disparaging content that reflected a broad misuse of time and resources. Moreover, the continuous data streams, instant messaging, video, audio, large files and attachments, and other uploaded non-VA content to the site may cause congestion, delay, or disruption of service and degrade the performance of VA’s network.”

Sorry, comments are closed for this post.