{"id":836,"date":"2011-10-11T19:43:13","date_gmt":"2011-10-12T00:43:13","guid":{"rendered":"http:\/\/swildow.darktech.org\/wp\/?p=836"},"modified":"2011-10-11T19:43:13","modified_gmt":"2011-10-12T00:43:13","slug":"the-top-37-risks-admins-take-with-uncontrolled-internet-usage","status":"publish","type":"post","link":"http:\/\/www.wildow.com\/blog\/?p=836","title":{"rendered":"The Top 37 Risks Admins Take with Uncontrolled Internet Usage"},"content":{"rendered":"<h2><a href=\"http:\/\/networkedblogs.com\/ofw6v\" target=\"_blank\">The Top 37 Risks Admins Take with Uncontrolled Internet Usage<\/a><\/h2>\n<div id=\"stats\">Written by <a title=\"Posts by Emmanuel Carabott\" href=\"http:\/\/www.gfi.com\/blog\/author\/emmanuel-carabott\/\">Emmanuel Carabott<\/a> on October 10, 2011 \u2013 4:00 pm<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"web security risks\" src=\"http:\/\/www.gfi.com\/blog\/wp-content\/uploads\/2011\/10\/web-security-risks-229x300.jpg\" alt=\"\" width=\"229\" height=\"300\" \/>No one in IT really wants to be the Internet Police \u2013 granted. In fact, the less we know about our colleagues\u2019 web surfing habits, the happier we will probably be. Sometimes there really is such a thing as \u2018too much information\u2019. However, it is our responsibility to safeguard our company\u2019s resources, and that includes both confidential information stored on our server and the workstations that use our network, so we do have to take certain actions to protect ourselves and our coworkers from the worst of the web. The combination of an acceptable usage policy and web filtering software helps guard against the web threats that are out there. What are these \u2018web threats\u2019? There are several risks associated with uncontrolled Internet usage. Below you will find 37 of them, grouped into eight categories. 
Some could be included in more than one category, and in that case, I have them listed where I think they do the most harm.<\/p>\n<p><!--more--><\/p>\n<h2>Malware<\/h2>\n<p><strong> 1. Viruses<\/strong><br \/>\nMost infected files these days are downloaded from the Internet. Whether the user is trying to get an application for their job or a new screensaver, downloads which have not been scanned become bad news.<br \/>\n<strong> 2. Trojans<\/strong><br \/>\nMany Internet downloads contain remote access Trojans or spam mailers, designed to give bad guys access to your data and resources.<br \/>\n<strong> 3. Cross-site scripting<\/strong><br \/>\nEven with up-to-date antivirus software, infected websites can steal information by tricking users into filling out forms they think are safe, or by presenting them with malicious content.<br \/>\n<strong> 4. Tracking<\/strong><br \/>\nComplete privacy on the Internet is not practical, but providing your complete web history to advertisers is not a good idea either.<br \/>\n<strong> 5. Botnets<\/strong><br \/>\nInfected computers often become zombies, reaching out to contact the command and control servers for orders.<br \/>\n<strong> 6. Spyware and adware<\/strong><br \/>\nKeyloggers, browsing history, and pop-up ads are all part of the fun of surfing to the wrong places on the web today.<\/p>\n<h2>Phishing sites<\/h2>\n<p><strong>7. Identity Theft<\/strong><br \/>\nMany phishing sites ask for personal information in order to assume the identity of the victim.<br \/>\n<strong> 8. Financial loss<\/strong><br \/>\nOther phishing sites may be after credit card or bank account details for immediate financial gain.<br \/>\n<strong> 9. Social engineering<\/strong><br \/>\nThere are sites out there trying to gain usernames and passwords to webmail, online banking, and remote access systems, which they can then use for further nefarious deeds.<\/p>\n<h2>Inappropriate content<\/h2>\n<p><strong> 10. 
Pornography<\/strong><br \/>\nWhat users do at home is their own business; what they do at work could get the company sued.<br \/>\n<strong> 11. Racial hatred<\/strong><br \/>\nIt\u2019s a shame that in 2011 racism is still rife and this can lead to a hostile work environment suit.<br \/>\n<strong> 12. Religious intolerance<\/strong><br \/>\nMuch like racial hatred, religious intolerance of any faith has no place at work, and could also lead to a hostile work environment.<br \/>\n<strong> 13. Alcohol, tobacco and drug related sites<\/strong><br \/>\nUnless you work in the industry, there is little chance these topics are work related, but if they arise within the workplace, they could cause tension among employees.<\/p>\n<h2>Data loss prevention<\/h2>\n<p><strong> 14. WikiLeaks type sites<\/strong><br \/>\nThe company\u2019s confidential information won\u2019t stay confidential for long if it is posted to a public site and makes the evening news.<br \/>\n<strong> 15. Forums<\/strong><br \/>\nDisgruntled employees may think they are harmlessly venting when they rant on a forum, but the company\u2019s reputation may suffer as a result.<br \/>\n<strong> 16. Blogs<\/strong><br \/>\nCompany approved blogs are good; technical blogs are too. But a user blogging at work (unless that\u2019s their job) is wasting time, and might be posting confidential information not yet ready for public release.<br \/>\n<strong> 17. Instant messaging<\/strong><br \/>\nAn approved corporate IM solution is a valuable communications tool; unrestricted access to public services can present many risks, including IM spam, malicious links and data leakage.<br \/>\n<strong> 18. P2P<\/strong><br \/>\nPeer to peer software can be useful, but too often a user shares their entire hard drive, making all the company documents on it available to others.<br \/>\n<strong> 19. 
Online storage<\/strong><br \/>\nIf a user needs to store data with an online storage company, that data is now outside the company\u2019s control. You\u2019re not backing it up, searching and indexing it, and you cannot retrieve it if the employee leaves. Unless approved by the company, users should never be allowed to use cloud storage services.<br \/>\n<strong> 20. Webmail<\/strong><br \/>\nCompanies that use DLP solutions on their email system do so to make sure nothing is being emailed that presents a risk, like IP, NPI, or other sensitive data. Letting users access webmail provides them a way around this, and also risks them using personal email for corporate business.<\/p>\n<h2>Lost productivity<\/h2>\n<p><strong>21. Social Networking<\/strong><br \/>\nChecking their Facebook wall post may sound like a one-minute thing, but this might turn into hours per week as users tend to do other things once there such as commenting on\/following their friends\u2019 status updates, images, videos, and so on.<br \/>\n<strong> 22. Auctions<\/strong><br \/>\nSubmitting a bid might take only seconds at the start of an auction, but users can burn hours checking on a long term auction, or staying on to the close to make sure they aren\u2019t outbid.<br \/>\n<strong> 23. Gaming<\/strong><br \/>\nNo need for explanations here: an innocent five-minute break to play an online game might turn into long wasted hours.<br \/>\n<strong> 24. Gambling<\/strong><br \/>\nJust as in online gaming, but with the added concerns that this could lead to legal issues.<br \/>\n<strong> 25. Dating<\/strong><br \/>\nDating sites can become attention traps, leading a user to spend the entire day checking out their possibilities rather than focusing on their job.<br \/>\n<strong> 26. Software downloads<\/strong><br \/>\nAny software a user needs should come from IT, to ensure it is licensed, appropriate for the task, supportable, and doesn\u2019t crash their PC or LOB application.<br \/>\n<strong> 27. 
Daytrading and investment sites<\/strong><br \/>\nAnother site that seems harmless at first, until the user spends all morning waiting for the exact moment to buy or sell.<br \/>\n<strong> 28. Employment sites<\/strong><br \/>\nIf they want to hunt for another job, they really need to do that on their own time.<br \/>\n<strong> 29. Online shopping<\/strong><br \/>\nHere\u2019s one you may want to allow a limited amount of access to, especially during the holidays, but you don\u2019t want users to spend all day shopping when they should be working.<\/p>\n<h2>Copyright violations<\/h2>\n<p><strong> 30. Torrent sites<\/strong><br \/>\nBittorrent is a very useful protocol for distributing ISOs of open source operating systems, but too often it is used to distribute movies and music. This could go under bandwidth crushers, but the bigger risk is that your company gets sued by the MPAA or RIAA.<br \/>\n<strong> 31. Warez<\/strong><br \/>\nUnlicensed software can cost a company millions of dollars in fines. If a user needs an application to do their job, make sure that IT is buying it legitimately and licensing it appropriately. The BSA does take legal action.<\/p>\n<h2>Bandwidth crushers<\/h2>\n<p><strong> 32. Internet radio<\/strong><br \/>\nA single user streaming music may not use much bandwidth, but when the entire office is doing it, the total can quickly saturate a pipe.<br \/>\n<strong> 33. Sporting events<\/strong><br \/>\nI once worked for a company that only blocked one thing \u2013 the NCAA Final Four Basketball Tournament. Every year we had to scramble to block every possible way it could be viewed online because it not only killed productivity, it took out the campus DS3.<br \/>\n<strong> 34. 
TV and movie sites<\/strong><br \/>\nSome folks might be able to work with the TV on in the background; most can\u2019t really work well though, and the amount of aggregate bandwidth several simultaneous streaming movies can consume can quickly use up the entire circuit.<\/p>\n<h2>Policy violations<\/h2>\n<p><strong> 35. Anonymizers<\/strong><br \/>\nYou can argue that anonymizers are only there to protect users\u2019 privacy, but you cannot argue that there is a real reason why they need that while surfing at work. Whatever they are doing online, if they need to use an anonymizer service, it probably isn\u2019t work related.<br \/>\n<strong> 36. Open proxies<\/strong><br \/>\nHere\u2019s another case where the likelihood that whatever they are doing is work-related approaches zero. Open proxies really just help you hide your actions or access content that is not licensed for your actual country of origin. In either case, it\u2019s not work related activity.<br \/>\n<strong> 37. IM portals<\/strong><br \/>\nIf you are blocking instant messaging, the easiest way to get around that is for a user to hit the service\u2019s web portal or one of the many IM aggregation portals that exist. Blocking these helps ensure you are restricting IM access.<\/p>\n<p>You don\u2019t need to block 100% of all sites within all of these categories. A certain amount of recreational Internet access can go a long way towards improving employee morale, and if it doesn\u2019t cause a productivity issue, and all users obey the rules, there\u2019s no harm for most organizations. Look for web filtering software that can permit a certain amount of recreational use, either by total time or bandwidth used. \u201cNothing in excess\u201d is a good rule of thumb for those categories that don\u2019t present a risk of data loss or malware infection. 
While uncontrolled Internet access presents many risks, a good web filtering solution and appropriate policies can mitigate those while still letting users surf the web.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Top 37 Risks Admins Take with Uncontrolled Internet Usage Written by Emmanuel Carabott on October 10, 2011 \u2013 4:00 pmNo Comment No one in IT really wants to be the Internet Police \u2013 granted. In fact, the less we &#8230; <a class=\"more-link\" href=\"http:\/\/www.wildow.com\/blog\/?p=836\">Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-836","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/836","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=836"}],"version-history":[{"count":1,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/836\/revisions"}],"predecessor-version":[{"id":837,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/836\/revisions\/837"}],"wp:attachment":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=836"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/
www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}