Vulnerabilities / Threats
9/17/2010
03:40 PM
50%
50%

Tech Insight: Employee Monitoring--Coming Soon To A Network Near You

More companies are monitoring and enacting policies to address employee Web and e-mail activity at work and off-hours

Social networking and Generation Y have had a profound impact on how companies perceive casual Web surfing by employees. The effects on security and productivity can have dire consequences for all involved -- everything from a little bad press to a major data breach and employee dismissal with possible civil and criminal action. This is why more companies are performing monitoring and enacting policies to address employee Web and e-mail activity at work and off-hours.

Companies are taking on Web monitoring for a number of legitimate reasons. On the corporate IT side, the concerns center around the increase of malware taking advantage of social networking sites and the potential of sensitive data being posted on a site they do not control. On the flip side, management is caught in a Catch-22 trying to increase productivity by blocking popular social networking sites while trying not to negatively affect Gen Y employees' likelihood to move onto a more "open" company. The choice to monitor and filter Web content is not one that should be taken lightly. It forces management to make several critical decisions, like who will be responsible, the level of monitoring to put in place, and which sites and content are deemed inappropriate. The chance of sensitive data leaking through social media or a workstation becoming infected with data stealing malware is not something companies want to risk. No one likes to consider themselves "big brother," but more and more companies are choosing to put the onus of monitoring and reporting of employee Web surfing activity onto IT -- a task most do not relish. Seven percent of respondents to the InformationWeek 2010 Strategic Security Survey said they spend a great deal of time monitoring employee behavior. That doesn't sound like much, but the number of respondents who said they monitor is much higher. In 2010, the percentage of organizations jumps 8 percent -- to 73 percent who monitor employee behavior to reduce the use of inappropriate websites. With nearly three-quarters of the survey's respondents focused on preventing access to inappropriate Web content, it's a little surprising that less than half were focused on increasing user productivity since that is the most common argument from management.

No matter the argument, the fact is that monitoring has become incredibly easy. The simplest method is to set up workstations to use a Web proxy through which all Web traffic must pass. The proxy can handle monitoring and filtering, and often includes content inspection for malware. Reports can be generated on-the-fly or e-mailed at a scheduled interval.

Whether your enterprise is concerned with security or productivity, the time to start monitoring and filtering content is here. The Web and content filtering market has matured beyond simple software on endpoints and appliances to cloud-based services requiring little up-front capital expense and reduced operating costs, making it a much more attractive offering than several years ago.

For e-mail and Web monitoring, most network-based content filtering solutions handle both and address filtering, monitoring, and even some basic data loss prevention. And with hosted security services including Web and e-mail filtering, there is less setup time to test out a cloud-based provider. It often consists of a quick change on the firewall, router, or a workstation.

Choosing the level of monitoring often makes security professionals a little squeamish. To make things easier and more palatable, the initial effort can be more focused on security risks and material generally categorized as offensive. Security risks include known malicious or infected sites and sites containing hacking tools. Offensive sites can vary, especially given the nature of the business, but it typically includes pornography, drugs, and violence. The flexibility of modern monitoring solutions let enterprises choose just which categories of content to block. Beyond the common ones previously mentioned, organizations can choose to block social networking, political, shopping, file sharing, news, sports, religion, entertainment, and much more. Much of the decision-making will revolve around corporate culture and the personalities involved in choosing what should be blocked.

One statistic worth noting is that 55 percent of respondents to the InformationWeek survey said they monitor to reduce unauthorized attempts to access sensitive data. Unless those respondents' data is accessed through Web applications, they will need something beyond the typical Web and e-mail monitoring tools -- something in the realm of database activity monitoring or data loss prevention solution that can monitor and report on usage of sensitive data. Whether you want to be big brother, employee monitoring is becoming commonplace, and blocking content is necessary to protect data, public image, and branding. Sometimes it can be used to the extreme, but when kept in check and reasonable policies are set forth, it can help prevent malware from ever being downloaded to a workstation from a malicious site.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Malware Incidents Hit 100% of Businesses
Dawn Kawamoto, Associate Editor, Dark Reading,  11/17/2017
3 Ways to Retain Security Operations Staff
Oliver Rochford, Vice President of Security Evangelism at DFLabs,  11/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.