During July, August, and September of 2011, Commtouch assessed categories of Web sites most likely to be home to malware, below are the top ranking offenders.  The Portals category includes those sites offering free hosting which are often abused to publish malware and phishing content or will redirect to sites with this content.

What were the most-visited categories by your employees during 2011?

Are you currently monitoring and/or blocking the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network?

In today’s wired workplace, internet security and bandwidth consumption are top concerns for IT professionals while employee productivity and legal liability ail management and HR professionals.  As a major contributor to the Web-use management effort, IT typically becomes deeply involved in planning, testing, selecting, installing, and administering Internet monitoring software.  With the different departments playing a role in deciding on the best product to fit their vast needs, most are left without a solution.  Fortunately, Wavecrest’s products have been reviewed by our customers as meeting each role’s needs most effectively, offering manager-ready, easy-to-interpret reports that can be accessed without the IT personnel in addition to providing a robust, truly scalable IT-friendly remedy.

With Wavecrest Computing, customers have the insight needed to proactively monitor / block the notorious malicious sites based on custom categories, the Wavecrest Control List, and a real-time deep packet analysis process.  Plus, our 19 comprehensive templates provide a variety of summarized and detailed Web-use activity reports on users, groups, categories, sites, acceptability ratings, and bandwidth consumption.  Conveniently import your current Web Use Policy to easily customize or classify categories, implement abuse thresholding, and monitor employee productivity while our Administrator and Operator Accounts allow for non-IT personnel to create and obtain their role-specific reports.

While serving a diverse mixture of commercial businesses, industrial firms, government agencies, military units, educational institutions, and non-profit organizations since 1996, our products continue to present the most up-to-date, proactive coverage in line with the one factor that underlies all Web-use management issues, human online activity. Wavecrest’s managers and developers understand human resource management well and we use that knowledge to develop features that prevent productivity losses, legal liability problems, network issues, and unnecessary costs.

Cyber Monday is no more – in an uncertain economy, post-Thanksgiving online holiday shopping has increased since coined in 2005 and now lasts for one month with more than 50% of all online spending taking place during working hours¹.  What does this mean for your business?  A large decrease in employee productivity, a boost in bandwidth consumption, and one of the most popular times for cybercriminals to attack your secure data.

Lost productivity can mean big bucks for your company, reducing employee output to a mere 60%².  A survey by CareerBuilder states that more than half of the 4,000 respondents polled intend on shopping online while at work with one third of those planning for more than one hour each day, in addition to the two typical hours daily already reported by respondents (time excludes lunch hour and scheduled breaks).  If you do not have a Web-use policy or Internet Acceptable Use Policy (AUP) in place, one is necessary to help report, monitor, and prevent employee Internet abuse in addition to protecting your company from legal liability.

Downloading malware is another risk as employees use the Internet for personal reasons. Spyware and malicious code are big threats to company networks as they can consume bandwidth and compromise security.  Recent studies show that company networks are being infected with spyware and malicious code most often through employees surfing the Web; with the holidays increasing that risk, these threats make it imperative for companies to enforce an AUP to protect their networks. Wavecrest Computing suggests that companies monitor and/or filter employee Web use in order to better protect themselves from security threats. In addition to the inherent risks associated with hacking your online security – loss of company reputation, destruction of company data, and the downtime employees face while systems are restored – the costs to mitigate attacks are extraordinary and rising each year.  This year, U.S. companies are expected to spend more than triple the costs spent in 2006³.

To ensure these threats do not happen to your company this holiday season, run through our checklist and remember to check it twice!

• Install all applicable system and program updates to avoid malware from infiltrating any system frailty that could have easily been patched with an update.
• Create a Web usage policy and clearly communicate it to your employees.
• Be cautious prior to clicking on links to different websites particularly those found on social networking sites as they’re often a hotspot for malware.
• Avoid the use of pirated / illegal software as many contain malware.
• Never open email attachments from unknown senders and make sure to scan attachments you do decide to download.
• Make steps to consistently back up your computer in the case that malware wipes your hard drive clean.
• Monitor servers and security devices 24x7x365 for security issues and require preventative actions be taken on security threats in real time – this is where we come in!

CyBlock can be set up to block Web access by categories and by hour so employees can access shopping sites on their lunch break or after hours. This approach can help sustain morale while minimizing the risks associated with online shopping.  With Cyfin, you can monitor employees’ Web use to ensure that Web-use policies are followed or that unwanted spyware or malware is not downloaded as a result.  Let us guide you to a safer, more reliable, robust security solution with exceptional support at an unbeatable price!

Sources:

¹http://blog.comscore.com/2011/11/cyber_monday_work_computers.html

² http://www.wavecrest.net/editorial/costsavings.html

³http://money.cnn.com/galleries/2011/technology/1107/gallery.cyber_security_costs/index.html?iid=EL

We recently came across “Best Practices Regarding Employee Computer Use,” written by Dandford Grant, a partner at Stafford Frey Cooper law firm, and thought it could be a great resource for Wavecrest customers and others thinking about implementing a filtering or monitoring solution. The paper discusses employee privacy rights, monitoring and surveillance of employees, and recommended policies & practices. It also gives examples of past legal cases and their rulings.  Below are a few highlights and good points to take away from the paper.

• “In most situations, a certain amount of monitoring is good business and may be required.”
• An employer should inform employees that Internet and email use will be monitored.
• “Monitoring should be fair and consistent,” i.e., run and review the same reports regularly and dig deeper when the data warrants it.
• Most importantly, communicate with employees frequently about your organization’s acceptable use policy and best practices when using email and Internet sites, such as social networks, blogging, etc.

Approximately 20% of personal Internet use at work poses potential threats to the employer. Web access in the workplace can be a valuable business tool, but it also carries significant risks. Check out our presentation that discusses the risks associated with Web use and why monitoring and filtering helps mitigate those risks.

It has always been important to know that your company’s resources are being used properly and to the best of their capability.  Businesses want to ensure that their employees are being productive and not wasting the organization’s time and resources.

Internet access is one of those resources that can easily be abused, costing an organization time and money. Internet filtering and/or monitoring with one of Wavecrest’s Cyfin or CyBlock products can help preclude or drive down costs in at least four areas: productivity, bandwidth, legal liability and security.

1. Productivity

• The average worker admits to frittering away 2.09 hours per 8-hour workday, not including lunch and scheduled break-time (America Online and Salary.com survey, 2006).
• The average employee costs a company $29.71 per hour (including salary, overhead costs, benefits, payroll taxes, etc.) —- United States Department of Labor Bureau of Labor Statistics — March 2010.
• Lost productivity costs the company $59.42 per day per employee (2 hrs x $29.71).
• Average employee works 240 days per year.
• Yearly loss per employee is $14,260.80  (240 x $59.42)
• Loss per 1000 employees is $14,260,800 per year.
• Average cost for a Wavecrest Internet filtering or monitoring product with a 1000-employee license is $3,500 per year ($3.50 per user).

Conclusion:  Cost of a Wavecrest license is less than three tenths of one percent of the cost of lost productivity. A well-communicated Web-use policy, coupled with an effective monitoring product, greatly increases productivity in the workplace.

2.  Bandwidth

Reliable studies indicate that as much as 70% of a company’s bandwidth is being consumed by non-productive pursuits. Activities such as online video, audio streaming, downloading movies or MP3′s are especially damaging.  It is quite clear that eliminating or significantly reducing bandwidth abuse can improve network performance and preclude or decelerate the need for organizations to support increased bandwidth use.

3.  Legal Liability

Web-related legal costs typically result from employees visiting pornography sites.  Many studies show this to be a serious problem. In fact, according to research by Nielsen Online in October 2008, one quarter of employees who use the Internet visit porn sites during the workday.  Hits to porn sites are higher during office hours than at any other time of day, according to M.J. McMahon, publisher of AVN Online magazine, which tracks the adult video industry.

This type of activity puts the employer at serious risk of being sued by other workers who are offended or upset by being exposed to pornographic images. Such suits usually take the form of sexual harassment or hostile workplace litigation and can be very costly in terms of damage to reputation as well as legal costs.

4.  Security

Studies show that approximately twenty percent of personal use of the Internet by employees involves activities that pose potential threats to employer network security. Examples include file sharing, the use of malicious code, spyware and more. Like bandwidth abuse, the associated costs are difficult to quantify, but such activities can easily result in network disruptions or slowdowns and/or loss or compromise of proprietary data; these all come with a cost.

USA Today reported today that “several top Security and Exchange Commission staffers surfed porn sites as economy teetered.”  While many of us like to think that “everyone” knows it’s inappropriate to surf porn at work using the office computer, time and time again stories like these still pop up.  While whether or not to allow social networking in the office and how to control the use of these sites seems to be the big surfing topic today, apparently we still cannot forget about pornography.  Pornography poses several risks to businesses and government agencies. These include productivity losses, security issues and legal liability.  No matter how strict or lenient your acceptable use policy is, one thing is clear.  Communicating your Web-use policy and regularly monitoring employees’ Web use is important.  You want to stop the problem before it starts or turns into an employee spending “up to eight hours a day looking at and downloading pornography.”

Source: http://content.usatoday.com/communities/ondeadline/post/2010/04/ig-report-several-top-sec-staffers-surfed-porn-sites-as-economy-teetered/1

There has been a lot of buzz surrounding the use of social networks, i.e., Facebook, Twitter, LinkedIn, etc.,  in the workplace recently.  This is a great reminder to all organizations to take a look at their current Web-use policies and update them.

Reuters covered a recent seminar put on by LeClairRyanon covering “Key Issues in Labor & Employment Law,” where the importance of a policy for social networks was discussed.  The speaker, Joseph P. Paranac, a shareholder in LeClairRyan’s Labor and Employment Group, stated, “Inappropriate and unwise use of online social networking sites like Facebook and Twitter is a growing source of liability risk for employers, including discrimination, defamation and retaliation claims.”

He went on to offer some Web-use policy suggestions for employers.

“In order to have a successful policy on the use of social networking sites, Paranac told the audience, employers should stipulate that:

• Employees may not comment or use any confidential information about the employer or discuss internal matters.
• Use of online social networks should be limited to non-working hours, unless the use is for legitimate business purposes.
• Employees’ comments should not be discriminatory or harassing.
• Similarly, they should not be disparaging or defamatory to the employer’s business.

The veteran attorney also offered the following elements of a successful Internet and e-mail policy:

• Employees should be trained on electronic communications equipment parameters and prohibitions.
• All business systems and company-issued electronic communication equipment and data belong to the employer.
• Systems and equipment must be used for appropriate and lawful business purposes only.
• Employee use is subject to review/monitoring by the employer and employees who use employer equipment have no expectation of privacy.
• Use of systems and equipment for harassment, discrimination, or defamation is strictly prohibited.
• Disclosure of employer confidential information is strictly prohibited.
• Warn employees of the penalties or policy violations.
• Obtain a signed acknowledgment of employee receipt of policy.
• Include a procedure for reporting violations.
• Enforce the policy!”

Read the full article: TWEET: ‘I’m About to Testify in My Defamation Case!’

With high unemployment rates and the potential of them rising even more, you would think that employees are doing whatever they can to be productive and keep their jobs.  Instead, according to a study by Nielson Online in October 2008, visits to porn sites at work is up 23 percent from the previous year.  This means that almost one quarter of employees are visiting porn sites during the workday.  “Hits to porn sites are highest during office hours than at any other time of day,” according to M.J. McMahon, publisher of AVN Online magazine, which tracks the adult video industry.

Some analysts believe that it has to do with the declining economy and people looking for an escape, while others speculate that it has to do with a younger generation in the workforce that has grown up accepting porn as a part of life.

Regardless, porn surfing at work poses a major legal liability risk for businesses.  This type of activity puts the employer at serious risk of being sued by other workers who are offended or upset by being exposed to pornographic images. Such suits usually take the form of ‘sexual harassment’ or ‘hostile workplace’ litigation and can be very costly in terms of damage to reputation as well as legal costs.  In addition to the legal costs, businesses also have to be concerned about costs due to loss of productivity.

In fact, the Senate Finance Committee is investigating the misuse of NSF computers by government officials to view online pornographic material. In one instance, the report cites an NSF “senior official” who allegedly spent 20 percent of his work hours “viewing sexually explicit” Web sites. This amounts to a potential loss of $58,000 in employee compensation.

According to Salary.com, the average employee wastes 2.09 hours a day on the Internet.  An average administrative employee costs a company $37.84 per hour according to the U.S. Department of Labor Bureau of Labor Statistics.  For a company with 1,000 employees, this amounts to over $18 million in productivity losses in a year.

A simple and cost-effective way employers can help ensure that employees use the Internet for productive purposes and not visit sites that pose a legal liability threat to the company is to filter and/or monitor Web access.  Wavecrest Computing offers Internet filtering and monitoring products CyBlock and Cyfin, to fit any organization’s needs.  The average cost for a Wavecrest product with a 1000-employee license is $3,500 per year. This is less than two tenths of one percent of the cost of lost productivity, making an Internet filtering or monitoring solution well worth the investment.

Sources:
http://www.newsweek.com/id/171279
http://www.foxnews.com/politics/2009/01/28/grassley-launches-inquiry-widespread-porn-charges-nsf/