:
In the age of Enron and failed intelligence, scandals remain the rage of the front page. Companies want to see positive spin and not scandal related material published. Imagine for a moment the educational software site where employees are identified as regular visitors to pornography websites. The effect to such a company’s image could be devastating.
Leaks, Peeks & Sneaks
There are numerous security risks facing companies with internal networks. Primary among their concerns are stifling leaks and backdoors that allow hackers to penetrate their firewalls. But the threat from within the company may prove to be more devastating to a company’s reputation and subsequently their stock value and much more.
Employees face a four-pronged attack from blended threats across the board. Phishing and pharming are two of the more popular attacks that face Internet users everyday. Typically sent via email, phishing attacks depend on the concern of an employee to take care of matters ranging from personal to financial. The uneducated user will click an embedded link and leave the network vulnerable to an attack.
The sophistication of these attacks can penetrate even the most complex of security systems unless user error can be compensated for. The most popular forms of phishing involve instant messaging and emails. Despite the widely known understanding of spoofing, most users do not expect to receive messages from spoofed accounts.
Increasing a systems security perimeter can block instant messaging ports and prevent such external security breaches. Network security devices can also block web requests to URLs presented in instant messages. Better still, URLs or web requests from internal users can be compared to a database of acceptable websites and disallowed or denied if they do not match.
Living on the Fringe
Installing spyware and malware is another by-product of visiting less than secure websites. Internet users are often besieged by offers for free software, free access and freebies. The lure of the freebie is as potent if not more so on the Internet than it is in real life. Downloading such freebies can come with passenger programs designed to record keystrokes and much more.
The least of the problems that spyware can commit is to tie up bandwidth and computer memory. The worst is that it can actually spawn Internet attacks to other sites, download critical data and send it elsewhere. Employees do not have to be lured just by a freebie either. They can simply make a typo in submitting a URL and find themselves in the wrong Internet neighborhood. Clever programmers can generate pop-up windows and disguise a button with a simple label like ‘close’ and the user will click it, thinking they will only close the nuisance window. Some programs on high-speed network access can be downloaded in the blink of an eye, compromising the computer and potentially the network.
One-Click Scandals
Scandals need very little fuel to fire. A user who chooses to go to a website of questionable integrity and intent and a user who is lured there by a bad link or a typo offer the same type of danger to a company. Scandals do not have to make the front page to generate reputation-damaging issues for a company.
Word of mouth is as fast a delivery service for reputation sabotage as press reporting is. A network security company that cannot protect against hacking of their website does not engender trust or confidence. A financial investment firm that is accused of insider trading when emails and instant messages from employees are subpoenaed and found to be questionable will likely lose clients, capital and more.
The Burden of Responsibility
Scandal can be generated by an innocent act as easily as by one of guilty intent. Corporations are responsible for the actions of their employees. Questionable Internet behavior and activity can and will affect a company’s reputation, financial standing and potentially their legal standing as well.
A corporation bears the burden of responsibility for its employees and their actions. By employing network security devices to monitor and restrict Internet activity, a corporation not only relieves a large measure of their burden, but also protects their interests on numerous fronts. Without such protection, a company is courting disaster and inviting scandal.
No comments:
Post a Comment