Avoid the dangers of the web security iceberg

Karen Forster

Cyber Monday in late November signals the start of Christmas holiday shopping in the US. It is notorious as the day when employees shop online for bargains while they’re at work—instead of doing their jobs. Retailers benefit greatly from employees’ shopping online from their work computers. However, the shoppers’ employers suffer lost productivity and extra expenses for services such as providing bandwidth and technical support. Most costly to these companies, however, is that they have to deal with potential threats their staff can inadvertently introduce by clicking links to shady websites.

145644631Cyber Monday is just one day a year, but it’s the tip of an iceberg of non-work-related Internet use and subsequent losses that organizations face every day. To find out how pervasive such web usage is, Salary.com polled 3200 people about their Internet habits while they’re at work. The findings illustrate how deep the iceberg of wasted productivity goes. Of those responding to the poll:

  • 64% go to non-work websites daily
  • 21% waste up to five hours a week (which amounts to 1/8 of the work week) reading news, performing personal web searches, shopping, engaging in social media, emailing friends and family, and looking at Facebook
  • 46% look for jobs while at work

Aside from spotlighting a great deal of time not spent working, these findings add up to a lot of opportunities for employees to introduce threats to work computing environments. And this research doesn’t even take into account events such as Cyber Monday.

The question all this online activity raises is how organizations can protect themselves and their employees from the consequences of such misuse of business computing resources. Essentially, they can protect their technology assets by focusing on three areas: web security; web monitoring; and URL filtering.

Web Security
When employees use the web for personal activities, they are susceptible to threats such as malware and malicious websites and executables. Most organizations have anti-malware solutions, but such solutions must be continuously updated. Cloud-based anti-malware protection enables real-time updates and ensures that new threats are dealt with immediately.

Web Monitoring
Monitoring employee activity online is not about spying on staff. It can assure that businesses are not exposed to legal action because of employee misuse of business technology. Cases of employees intentionally and maliciously abusing business resources are fairly rare. But unintentional behaviors can be just as damaging. Organizations can be prosecuted for employee web browsing even if the employee did not mean any harm. To protect the business, a web monitoring tool needs to proactively find and block inappropriate and dangerous use, both for onsite computers and mobile devices.

URL Filtering
With URL filtering, IT can block or restrict certain URLs based on lists from a filtering vendor and on IT policies. Examples of sites to block include those with inappropriate content, such as porn and known malware carriers. File sharing and storage sites can expose sensitive data to competitors or identity thieves. Other dangers include phishing attacks and URLs that include executables that can hijack systems, install spyware, and expose data.

Recognizing the Threat
The first step in dealing with any problem is to recognize the problem. Then you can find a solution that addresses all aspects of the threat.

–––––––––––––––––––––––––––––––––––––––––––––––

Want to know more about security? Then check out the videos serious by our security lead, Ian Trump…