Web Security. Web use at work: where do you draw the line? Is it okay for employees to spend a little time internet shopping?
What about spending time on social networking sites, playing online games, downloading pirated movies or gambling online?
The internet has created new opportunities for mischief and new challenges for IT Managers.
What are the Web Security Risks?
- Legal concerns: This is an area in which the law has traditionally lagged behind developments in technology and has attempted to catch up over the last decade. As such, there is now a framework of legislation which impinges on what an employer should and should not do in terms of monitoring their employees’ use of the Internet.
- Cyber slacking: Unfortunately, the web now offers more potential distractions than ever before. The key activities which can lead to a drain on employee productivity include chat rooms, streaming media, online games and file downloads.
- Inappropriate content: Visits to adult and illegal websites are becoming less common in the workplace. Nevertheless they expose businesses to severe legal risks, e.g. from failure to protect staff from indecent images, cyber bullying and sexual harassment. As well as prosecution, fines and other penalties, the results can include loss of client trust and unwelcome media coverage.
- Spyware/Viruses: Increasingly, websites are becoming the preferred delivery mechanism for damaging malware such as viruses, as well as spyware and adware. In some cases, simply visiting an infected website will be enough to download unwanted programs onto a computer.
- Social Networking and Blogging: Comments made by employees on social networking sites and blogs can have a significant impact on their employers, particularly as the line between work and home life becomes increasingly blurred. There are well publicised examples of employees being dismissed in relation to material on their blogs which employers viewed as bringing the companies into disrepute.
- Wasted Bandwidth: Internet connections cost money. If half your bandwidth is taken up with non-work traffic, you’re paying twice as much as you need to, or your business-critical communications are running at half their proper speed.
Top tips to protect your company
Protect your business: We recommend that companies give serious thought to web use in the workplace and how they want to manage the risk presented by this invaluable resource. In particular:
- Keep external threats out: Protect your network against spyware, viruses and other malware. MessageLabs Web Security Services provides multi-layered protection against known and emerging malware.
- Manage internal threats: A clear and comprehensive Acceptable Use Policy (AUP) will help minimise the risk posed by web use in the workplace. Ensure employees are aware of it. Review and update it often.
- Latest trends: Make sure your AUP covers the latest trends in web use, such as social networking, blogging and file sharing. These are hugely popular online activities which present new challenges for IT security.
- Enforce your AUP with an appropriate technology: For example, with MessageLabs Web Security Services, flexible time based and content based rules can be set to control web access or block certain sites.
- Seek advice: Ensure the potential impact of monitoring employee web use is properly assessed and proportionate to the perceived risk. This may require specialist legal advice.
- Publish your AUP: Put it where employees can easily find it. Post a copy on your intranet or send a summary out with their payslips. Consider training staff on how to comply with your web usage policy.
Top tips to protect your employees
Protect your employees: As well as crafting a company position on web use in the office, you can help your staff to understand the risks they run as individuals when online. Inform them about the following:
- Malicious links: Email is increasingly used by spammers to spread links to websites which contain spyware. Don’t click on any links to websites whose legitimacy you have any doubts about.
- Don’t drop your guard: Check the identity of anyone requesting confidential data from you online. Why do they want the information? Do they need the information?
- Protect your account: Use a strong password and change it regularly. A strong password combines upper and lower case letters, numbers and punctuation marks. Choose passwords that are unique mixtures of letters and numbers.
- Remember, what goes online stays online: Search engines index many social networking sites. This means that your online profile could be searched and checked very easily. A good rule of thumb is to avoid saying anything online that you wouldn’t say to your boss or your grandmother.
- Protect your PC: Make sure your personal anti-virus, anti-spyware and browser are up to date. This should protect you against malicious software. When prompted, make sure you install web security updates.