Security has always had the responsibility to physically protect employees and executives.

In fact, as a practice, it did this long before there were computers. In areas where there are lots of people but little oversight there is a potential for physical threat. This was recently detailed in "The Lucifer Effect," a book by Stanford psychologist Philip Zimbardo. He argues, and provides substantial support for that argument, that in certain situations normal people will develop behavior patterns that are hostile and abusive, both verbally and physically, and that this behavior can escalate to extreme levels.

Currently there is little in the way of oversight on the Web, and we have already had substantial evidence of abuse show up there. The most recent involved blogger Kathy Sierra, which forced her to cancel a trip and basically go into hiding as a result of death threats. Sierra actually named a number of the people who had attacked her online.

Earlier this week, she and Chris Locke, one of the folks she named, appeared on CNN, which showcases how much visibility this one received. What's also fascinating, and should be disturbing for those in security, are the number of posts underneath this link that condone the behavior and suggest that anyone blogging should be willing to take the related risk.

Let’s be clear: Sierra was threatened with both death and rape. The risk goes beyond an employee who was threatened. The people who attacked Sierra work for someone, and we know that a lot of employees are on the Web at work. We can assume at least one of those that attacked her was likely at work when he, or she, made the attack. The ability to trace back blog browsers to an IP address and physical location is increasing. Were such activity disclosed, it could do the company a lot of damage. And the damage wouldn't be limited to just a PR problem either.

This instance clearly crosses the line into sexual harassment and would help to support a case for anyone wanting to file a hostile workplace complaint or charge someone with a hate crime. The implications for a corporation would be dire, because it could be used to demonstrate a pattern of behavior and/or showcase tolerance for this activity. Properly argued, both of those could result in relatively large settlements. Companies would have to be insane to let something like this go to court.

Finally, if a person says something like this in a blog, then the greater the likelihood that they may behave this way at work. In short, it turns them into an unacceptable physical security risk.

Worse, this kind aggression has been moving beyond people to organizations for some time. A recent case in point is Opes Prime Stockbroking, a firm that switched from Red Hat to Oracle Linux. While they haven't yet reported death threats, they apparently were overwhelmed with email and calls from folks that called them names.

As we move closer to a major election period, there will likely be increasing stories of folks attacking candidates they don't like, and a good number of these attackers will likely be at work when they do it. You can imagine how upset marketing or the CEO's office would be if a candidate were attacked or libeled by an employee while on company property. I doubt the Secret Service will have much of a sense of humor if the candidate is running for president and the threat is physical.

Such trends suggest that policies need to be updated and existing preventative measures revisited to make sure you can address both an attack against, and one originating from, your company. Consider these possible fixes:

— Rob Enderle is President and Founder of Enderle Group . Special to Dark Reading