Five Ways Your Best Employees Can Compromise Your Network ... And Not Even Know It

By Dirk Morris, Co-Founder and CTO, Untangle  |  Posted 2008-06-25

Five Ways Your Best Employees Can Compromise Your Network ... And Not Even Know It

"I'm a small business. No one is going to bother trying to hack my network."


In fact, 56 percent of small businesses surveyed by the Small Business Technology Institute had at least one security incident in the previous 12 months. More and more, instead of going after the big boys, cyber-criminals are attacking small businesses that have systems that are often more vulnerable than those of larger enterprises and that often do not have the time and money to invest in a comprehensive security solution. 

Additionally, hackers continue to change their techniques and adapt to recent improvements in network security, so small businesses face an ever-evolving set of external threats: spam, pharming, phishing, viruses, adware, key loggers, root kits ... the list goes on and on. But companies also face unintentional threats from the inside, as employees often engage in high risk network security behavior without even knowing it.

Here are the top five ways that employees unknowingly add fuel to the (in)security fire:

Responding to phishing and spam e-mails

Phishing scams and e-mail fraud can be more sophisticated than they seem and are ubiquitous security issues that at best annoy and at worst present a real threat to secure data. Phishers and spammers use tricky URLs (for example,, where two v's make the w, or, where the "L" is represented by the number one) that appear at first blush to be legitimate but actually direct users to malicious sights designed to steal personal information or install malicious code.

This kind of scam works more often than you might think. In 2007, a spoofed Better Business Bureau e-mail was sent to a variety of businesses with an attachment supposedly containing a complaint against that business in an RTF (Rich Text File).

When users downloaded and opened the attachment, they unknowingly ran an executable that installed a keylogger program (with a .pdf extension so the file looked innocent). This keylogger then uploaded stolen data to servers in Malaysia.

The take-home point is that employees need to be careful about what e-mails they open and what links they click on. If something looks suspicious, it probably is, so steer clear.

Checking personal Web mail at work

If a company has its own e-mail server, it will usually be set up with some form of anti-virus protection that scans all inbound e-mails to the server for viruses. Often, this only checks SMTP traffic, which is used by the mail server, leaving other protocols, such as HTTP, wide open.

Thus, when employees check their personal e-mail account via a Web browser using HTTP, this network traffic will bypass the virus-scanning setup for the company's e-mail server. A similar situation can occur for an FTP download. You must consider and scan all inbound traffic on your network for malware regardless of protocol.

Surfing and Downloading



The average worker admits to spending nearly an hour a day, outside of lunch and breaks, surfing the Internet for personal reasons. Unfortunately, a 2007 BBC story stated that one in 10 Web pages out of 4.5 million scrutinized by Google contained malicious code that could infect a user's PC.

Every file, picture or link that seems legitimate (as is the case with phishing scams) could end up downloading some sort of malicious code from the Web. Sometimes legitimate sites are hacked and infected with malicious code; other times, minor intentional misspellings in the URLs for legitimate sites lead to malicious sites.

For example, typing (instead of used to redirect to the sexually explicit site (although this redirect has since ceased to be successful). In addition to displaying inappropriate content for the workplace, porn sites are notorious for containing malware.

Downloading free stuff

Sure, if it is free and colorful, it is tempting to download. But the truth is spyware often comes hidden in free screen savers, videos and other tempting items to download. Even free spyware removal tools can come with spyware. When you download files and applications from unknown sources, you run the risk of getting unwanted extras. Which brings me to ...

Consuming bandwidth

Downloading images, swapping music files and streaming video consumes bandwidth. Peer-to-peer applications are notoriously bad because they open up multiple connections, taking more than their fair share of bandwidth. One person using BitTorrent for video can clog a DSL line and slow down the network to the point where critical business applications will become unusable.

The bottom line is that even the most well-meaning employee can unintentionally and unknowingly compromise the network by opening the wrong e-mail, surfing the wrong Web sites and downloading the wrong screen saver.

With all of the security threats out there, even the most mundane Internet task becomes a potential threat. Organizations need to protect their employees from Internet traps and provide multiple levels of defense including gateway security, desktop security, patch management, training, acceptable use policy, monitoring and backup just in case. It is this layered approach that best secures today's small and midsize business networks from others ... and themselves.

Dirk Morris is the founder and CTO of Untangle, which incorporates more than 30 open-source projects into a single open-source network gateway platform to stop spam, spyware, viruses and more. He can be reached at

Rocket Fuel