Employee Internet Usage Puts Your Business at Risk

Every time employees use the Internet, they put the security of your network and sensitive business data at risk.

Employees are using the Internet inappropriately

Employees are shopping, sharing content peer-to-peer, and visiting social networking, dating and adult sites. This use puts your company’s productivity and reputation in jeopardy and increases the risk of Internet-based threats to your data network. Adult sites are notorious for hosting malware. The taboo nature of the sites is such that users remain silent about visiting them, even if they suspect their system has been infected. Meanwhile, online shopping sites are often the source of spyware, or feature links to third-party sites that may not be trustworthy.

Inappropriate use is more prevalent than you may think. Data collected by PricewaterhouseCoopers, on behalf of the United Kingdom’s Department of Business Enterprise & Regulatory Reform (BERR), reveals that as many as one in six businesses experienced staff misuse of their information systems in the past year. In the cases reported, approximately 36 percent were spending an excessive amount of time browsing the Internet, and an additional 41 percent accessed inappropriate websites.

Legitimate sites pose the biggest threat to your data

Even when used appropriately by your employees, the Internet is the primary source for threats such as spyware, trojans, bots, backdoors, and rootkits. In many cases, simply visiting a site triggers the infection. This method of transmission, called a “drive-by download”, occurs without the user’s knowledge at all. NETGEAR® ProSecure has found that 79 percent of threats were on legitimate sites hijacked by hackers.

In the first quarter of 2008, the websites of thousands of Fortune 500 companies, government agencies and schools, including security vendors such as Symantec, Trend Micro, and Computer Associates, were infected with malicious code.

Hackers have learned to use legitimate sites as bait for “social engineering” tactics, tricking users into clicking an embedded link or an email attachment. This happened with Facebook in December 2008. Members received an email with the subject line “You look funny in this new video” and an embedded link to view it. The link led them to a non-Facebook video site where they were prompted to update their Flash player to see the video. Clicking the prompt installed a worm on the user’s system. In addition to containing spyware, the worm opened a backdoor that would enable private information to be sent from the system and code to be installed on it in the future.

Meanwhile, the remaining 21 percent of security threats are the result of users inadvertently visiting rogue websites designed to appear legitimate. Many incorporate search engine marketing and banner advertisements to increase the number of visitors. By developing rogue sites, attackers have more control over the threat. Either way, it’s clear that blocking sites based on content is no longer an effective way to protect your company from threats.

Steps to protect your business

The first line of defense against such threats is to create and enforce an acceptable Internet use policy. Your policy should cover both the amount of time employees are allowed to spend on personal business online and the type of sites they are allowed to visit.

Next, install a strong gateway security appliance that includes URL and content filtering, and bidirectional traffic inspection. When employees attempt to visit a banned site, or one with content prohibited by your company, the transmission is blocked, and a report is sent to IT.

The real-time bidirectional traffic inspection adds a critical layer of defense. It proactively monitors inbound and outbound traffic for malware every time an employee visits a URL that hasn’t been blocked. If an employee inadvertently lands on a legitimate site that has been hacked, or a rogue site that appears legitimate, the inbound traffic triggers the appliance, which blocks the network transmission.

Conclusion

Every internet-connected company faces daily web-based security threats. The risk of infection is exponentially greater if you lack comprehensive gateway security. Implementing acceptable usage policies and proactive, real-time bi-directional traffic inspection will significantly reduce your risk.

NETGEAR, the NETGEAR logo, Connect with Innovation and ProSecure are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Other brand names mentioned herein are for identification purposes only and may be trademarks of their respective holder(s). Information is subject to change without notice. © 2010 NETGEAR, Inc. All rights reserved.