Upload File

whitepaper how internet usage puts your business at risk

  • Home
  • Documents
  • Whitepaper How Internet Usage Puts Your Business at Risk
prev
next
out of 4
Download Whitepaper How Internet Usage Puts Your Business at Risk

Upload: jeffreymichael981

Post on 07-Apr-2018

223 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 8/4/2019 Whitepaper How Internet Usage Puts Your Business at Risk

    1/4

    How Internet Usage Puts

    Your Business at Risk

  • 8/4/2019 Whitepaper How Internet Usage Puts Your Business at Risk

    2/4

    I n t r o d u c t i o n

    Small and mid-size businesses have come to rely heavily on the Internet as an essential part of their day-to-day operations. It offers speedy accessto information and enables 24x7 communications with the outside world. But despite the overwhelming benefits the Internet offers, it alsoinherently puts companies at risk from an array of security threats. Simply utilizing the Web puts the companies at risk of Internet-based threatsthat multiplies as online activity increases.

    I n a p p r o p r i a t e U s a g e

    Companies that fail to filter or monitor their employees Internet usage risk the productivity of their workforce, their reputation, and the security oftheir network. Employees can spend an exorbitant amount of time surfing the Web for both personal and business purposes. Many will visit onlineshopping, peer-to-peer, and social networking sites even online dating or adult sites. All of these activities waste company time and expose thecompany network to Internet-based threats.

    For example, adult sites are notorious for hosting malware. These sites are easy and inexpensive to launch, contain content that attracts numerousvisitors, and are taboo enough to elicit silence from visitors who suspect they may have infected their system by visiting the site. These attributesmake them the ideal medium for spreading malware.

    Online shopping sites are equally as notable for hosting Internet-based threats as their adult site counterparts. Spyware runs rampant throughoutmany of these sites. Additionally, they frequently link to third-party sites for many of their items, completely transparent to the user. Therefore, evenif the main site is trustworthy, the user rarely knows when he or she is on the clean site, or on one of an unknown third party.

    In an annual survey on information security breaches, conducted by PricewaterhouseCoopers on behalf of the United Kingdoms Department ofBusiness Enterprise & Regulatory Reform (BERR), it was discovered that as many as one in six businesses experienced staff misuse of theirinformation systems in the past year. Of the cases reported, 36 percent were spending an excessive amount of time browsing the Internet, with anadditional 41 percent accessing inappropriate Web sites. Though certainly less prevalent, employees accessing illegal content was also reported.

    Much of this inappropriate usage, including questionable or risky behavior, can be attributed to the nonchalant attitude many employees havetoward their employers equipment. Many employees proceed throughout the Internet with the belief that since it is not their computer they areusing, security is not important. Similarly, many users assume that security is the responsibility of IT, so risky behavior will not have any negativeimpact.

    V e h i c l e f o r E x t e r n a l T h r e a t s

    Even when used appropriately by the companys employees, the Internet is the primary source for an

    array of computer threats, including spyware, Trojans, bots, backdoors, and rootkits. In many cases, theonly user interaction required for an infection is to simply visit the site. This method of transmission, calleda drive-by download, occurs in the background during the normal course of the users online activities with neither the knowledge of, nor interaction from, the user.

    Based on NETGEAR ProSecure research, 79 percent these threats have been discovered on legitimatesites which have been hijacked by hackers who have stealthily infected the site with the threat. In theseattacks, hackers take advantage of Web vulnerabilities to insert threats on any site that has not yetapplied the patch. As a result, any site can be affected. In the first quarter of 2008 alone, thousands ofwebsites belonging to Fortune 500 companies, government agencies and schools reported being infectedwith malicious code. Even well-known security vendors such as Symantec, Trend Micro, and Computer

    Associates have had their Web sites compromised.

    Attackers have also learned to use legitimate sites as bait for social engineering tactics, which attempt

    to trick users into clicking on an embedded link or on the email attachment. In December 2008, thepopular social networking site Facebook was used in such an attack. An email arrived in users inboxeswith the subject line You look funny in this new video. The email then encouraged users to use theembedded link to view the video. The link diverted to a video site not belonging to Facebook andinformed the user that an update of the Flash player was necessary. Using the supplied link to take therecommended action installed a worm on the users system. The worm included spyware and opened abackdoor which would enable private information to be sent from the system, as well as for additionalcode to be installed on it in the future.

    The remaining 21 percent of these threats are the result of a user inadvertently visiting a rogue Web site.These sites are designed to appear legitimate, specifically to attract unsuspecting users. Many of themeven utilize search engine marketing and banner advertisements to increase the number of visitors.

    2

    Drive-By Downloads

    A drive-by download is aWeb-hosted threat. It is a bitdifferent than the previous threatsmentioned, in that it relies on thevictim coming to it, rather thanbeing sent to the victim's system. Ina drive-by download, threats suchas spyware, adware, or trojans areinstalled with neither theknowledge of, nor any interactionby, the user. When the user visitsan infected Web site, the threat isautomatically downloaded in thebackground. The infected site can

    be a rogue site, developed by amalicious author to appearlegitimate, or it can be a legitimatesite that has been hijacked by themalicious author and subsequentlyinfected with the threat. In eithercase, however, the user typicallydoes not even realize an infectionhas occurred.

  • 8/4/2019 Whitepaper How Internet Usage Puts Your Business at Risk

    3/4

    3

    By implanting threats on legitimate sites, attackers gain a built-in audience. In developing their own rogue sites, they gain more control over thethreat. In either case, it becomes apparent that blocking sites based on their content is no longer adequate to protect the company from suchthreats.

    P r o t e c t i n g Y o u r B u s i n e s s

    The users system is viewed by attackers as the path of least resistance to their real target the company network. Therefore, many threats enterthe network via the users system, and then propagate freely. Once inside, these threats can consume significant amounts of network bandwidth,steal sensitive company and customer data, damage file systems, or hijack the companys assets for launching spam and other email-borne

    threats.

    Therefore, the first line of defense against Internet-based threats is to establish and enforce an acceptable Internet use policy. The policy shouldclearly articulate the types of sites that are and are not permissible, as well as the amount of time deemed acceptable. However, most businessesallow some degree of personal Web activity using company equipment, and allowing employees too much freedom inherently puts the businessat risk. The policy must not only cover the amount of time employees are allowed to spend on personal business on the Web, but also the type ofsites they are allowed to visit.

    In addition to usage policies, it is absolutely essential that the company install strong gateway security that includes URL, content filtering, andbi-directional traffic inspection. With URL and content filtering, the security appliance enforces company policies by blocking prohibited URLs andinappropriate content. When an employee attempts to visit either a specific site that has been banned, or one that contains content that has beenprohibited by the company, the network transmission is blocked and a report is sent to IT.

    It is important to remember that filtering only protects the company from a relatively small percentage of these threats. For more comprehensive

    protection, the appliance must also conduct real-time bi-directional traffic inspection to proactively protect against malware from sites that havenot been specifically blocked. This adds a critical layer of defense to effectively protect the company against accidental infection via hackedlegitimate Web sites, as well as rogue sites that have been crafted to appear legitimate. Traffic inspection monitors the inbound and outboundtraffic every time an employee visits a URL. If an employee inadvertently lands on an infected site, the inbound traffic triggers the appliance, whichimmediately blocks the network transmission.

    C o n c l u s i o n

    Any internet-connected company is faced with Web-based security threats, through the normal course of their daily activities. If the company lackscomprehensive gateway security, the risk becomes exponentially greater. The establishment and enforcement of acceptable usage policies,coupled with proactive real-time bi-directional traffic inspection will help mitigate this risk.

  • 8/4/2019 Whitepaper How Internet Usage Puts Your Business at Risk

    4/4

    NETGEARProSecure STM Web and Email Threat Management Appliance Solution

    The ProSecure STM Appliance uses a unique technology that detects and blocks outbreaks based on their rapid and wide distribution behavior.This approach can detect spam and malware outbreaks as soon as they emerge, and block all associated messages in real time.

    The ProSecure STM Appliance features patent pending Stream Scanning Technology that is designed to scan data streams as they enter the

    network. With Stream Scanning Technology, the NETGEAR STM is able to process large amounts of data in real-time, using a single scan toidentify spam, malware, security breaches, or unnecessary applications. This ensures that users on the network receive their email and Webcontent clean and without delay.

    The ProSecure STM Appliance uses a proactive behavioral defense system that eliminates the gap between a vulnerability being exploited and thefix. The NETGEAR solution uses forensic analysis to indentify suspicious characteristics of incoming and outgoing network traffic, and neutralizesthem until they can be examined more closely.

    NETGEAR, the NETGEAR logo, Connect with Innovation and ProSecure are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries.Other brand names mentioned herein are for identification purposes only and may be trademarks of their respective holder(s). Information is subject to change without notice. 2009 NETGEAR, Inc. Allrights reserved.

    www.prosecure.netgear.com


Building Character Fairness. “Fairness puts the twinkle in the stars.” Fairness puts the twinkle in the stars.Fairness puts the twinkle in the stars

Microsoft Word - 37-RTO workpaper_041816.docx · Web view2020/10/26  · This whitepaper proposes the addition of two new usage bands: (1) splitting the current >11k kWh annual usage

WHITEPAPER: COLLABORA WHITEPAPER: COLLABORA Video ... · Video Collaboration & the Future Workplace ... WHITEPAPER: COLLABORA WHITEPAPER: COLLABORA ... Video conferencing …

Puts Sticker

DIA - Whitepaper Mar 19 Clean · 4.1 How Blockchain Can Revolutionize Financial Data Usage.....12 4.2 The DIA Solution ... 16 Disclaimer & key risk factors.....55. DIA Whitepaper

WHITEPAPER THEPATH TO CONTINUOUS COMPROMISE … · skilled security professionals should no longer be spent on system maintenance, including monitoring disk space usage, or writing

RUBY - Yo Briefca · 2020-02-14 · case rating when 4..5 puts "great" when 3 puts "alright" else puts "sucks" end

Whitepaper · ecosystem by participants is through the suggestion and voting processes. Usage of the DIM-E increases convenience for participants. This is achieved through DIMCOIN,

Kyocera Printer Usage and TCO Whitepaper - … opportunity: Printer usage and cost management strategies for the Australian mid-market The introduction of low cost personal printing

Whitepaper: EASA REGULATORY CHANGES ON THE USAGE OF SOFTWARE & SYSTEMS

More About Methods - d1b10bmlvqabco.cloudfront.net · More About Methods Prepared exclusively for Avi Flombaum report erratum • discuss. puts var1.reverse puts var2.reverse puts

360i Whitepaper on Twitter Usage Across the U.S. & U.K

premium ergonomic tools for healthy laptop usage. · A standard mouse puts your hand and wrist in an uncomfortable position and also provokes small, stressful movements . It is very

WHITEPAPER - 그대안의 작은 호수 · mainstream is a model for energy trading that takes control out of the hands of central players and puts everyday citizens in charge of

LIFT Group Whitepaper - TurksLegal · and give people peace of mind in the future. Against this backdrop, TurksLegal’s LIFT group puts forward “Toward a Better Industry - Training

WHITEPAPER - Cryptonomics · 2018. 10. 9. · mainstream is a model for energy trading that takes control out of the hands of central players and puts everyday citizens in charge

Options (Call and Puts)

Naked Puts

G DATA Whitepaper Vorlage · G DATA WHITEPAPER PUP’S 6 G DATA WHITEPAPER PUP’S 7 Whitepaper PuP EN 04-2015 • 3210110515 Whitepaper PuP EN 04-2015 • 3210110515 ARE POTENTIALLY

LivePersLivePerson Security Whitepaper 2014on Security Whitepaper 2014

API whitepaper - oracle.com · Created Date: 3/28/2017 1:08:08 PM Title: API whitepaper Keywords: Oracle, API, whitepaper, API whitepaper, Apiary, cloud

Fourth EC Framework Programme - aei.pitt.eduaei.pitt.edu/34479/1/SEC_(96)_568.pdf · puts them in the context of the Commission's proposal for a financial ... usage of water hut 0\·erall

Key Requirements Recurring Revenue Recognition · PDF fileof Recurring Revenue Recognition. WHITEPAPER ... or a mixed base of flat-rate and variable-rate usage charges. ... ceptable

Present perfect tense Usage: The present perfect tense p puts emphasis on the result Ex: She has written five letters. e expresses an action that is still

002 MÓDULO 2 – AULA 2 VERBOS BÁSICOS (no tempo presente) TO PUT= POR I put( put ) You put He puts ( puts ) She puts ( 1

Discount Calls/ Puts

» Whitepaper«

WHITEPAPER / THE EVOLUTION OF CLOUD ADOPTION …€¦ ·  · 2018-03-20THE EVOLUTION OF CLOUD ADOPTION IN AUSTRALIA ... Resource usage can be monitored, controlled, and reported,

Adoption & Usage: What You Need To Kno€¦ · WHITEPAPER Driving Office 365 Adoption & Usage: What You Need To Know The Definitive Guide To Improving Adoption Of Office 365 WRITTEN

Cap Min Puts

Graco Supply Systems · “intelligent” integrated electronic monitoring system. DataTrak puts you in control by: • Tracking and displaying material usage and volumetric flow,

G DATA Whitepaper Vorlage€¦ · G DATA WHITEPAPER PUP 2 G DATA WHITEPAPER PUP 3 Whitepaper PuP NL 03-2015 • 5411010415 Whitepaper PuP NL 03-2015 • 5411010415 Motivatie 03-03

WAVE Whitepaper › storage › documents › whitepaper... · 2020-03-03 · 3 6.2. ERC-20 18 6.3. Funds usage 18 7.Roadmap 19 8.Amendments 19 8.1.Fees 19 8.2. Referral program 19

Understanding the Metadata Cache - Scheduler Usage€¦ · ADAPTIVE SERVER ENTERPISE WHITEPAPER Understanding The Metadata Cache Written By David Wein Sybase Product Support Engineering

Puts - imfsg