Five Ways Your Best Employees Can Compromise Your Network ... And Not Even Know It

Without the right management policies and training, any company, large or small, can find itself in a security mess. Dirk Morris, CTO of Untangle, tells you what can happen and how to avoid the problems that would otherwise result.


"I'm a small business. No one is going to bother trying to hack my network."


In fact, 56 percent of small businesses surveyed by the Small Business Technology Institute had at least one security incident in the previous 12 months. More and more, instead of going after the big boys, cyber-criminals are attacking small businesses that have systems that are often more vulnerable than those of larger enterprises and that often do not have the time and money to invest in a comprehensive security solution.

Additionally, hackers continue to change their techniques and adapt to recent improvements in network security, so small businesses face an ever-evolving set of external threats: spam, pharming, phishing, viruses, adware, key loggers, root kits ... the list goes on and on. But companies also face unintentional threats from the inside, as employees often engage in high risk network security behavior without even knowing it.

Here are the top five ways that employees unknowingly add fuel to the (in)security fire:

Responding to phishing and spam e-mails

Phishing scams and e-mail fraud can be more sophisticated than they seem and are ubiquitous security issues that at best annoy and at worst present a real threat to secure data. Phishers and spammers use tricky URLs (for example,, where two v's make the w, or, where the "L" is represented by the number one) that appear at first blush to be legitimate but actually direct users to malicious sights designed to steal personal information or install malicious code.

This kind of scam works more often than you might think. In 2007, a spoofed Better Business Bureau e-mail was sent to a variety of businesses with an attachment supposedly containing a complaint against that business in an RTF (Rich Text File).

When users downloaded and opened the attachment, they unknowingly ran an executable that installed a keylogger program (with a .pdf extension so the file looked innocent). This keylogger then uploaded stolen data to servers in Malaysia.

The take-home point is that employees need to be careful about what e-mails they open and what links they click on. If something looks suspicious, it probably is, so steer clear.

Checking personal Web mail at work

If a company has its own e-mail server, it will usually be set up with some form of anti-virus protection that scans all inbound e-mails to the server for viruses. Often, this only checks SMTP traffic, which is used by the mail server, leaving other protocols, such as HTTP, wide open.

Thus, when employees check their personal e-mail account via a Web browser using HTTP, this network traffic will bypass the virus-scanning setup for the company's e-mail server. A similar situation can occur for an FTP download. You must consider and scan all inbound traffic on your network for malware regardless of protocol.