Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management

    The Evils that Lurk in Idle Web Surf

    By
    Deborah Rothberg
    -
    May 11, 2006
    Share
    Facebook
    Twitter
    Linkedin

      While summer is almost upon us, theres never a worry over good or bad weather when it comes to clients heading out for some Web surfing. And what better place than the office to check out some sites?

      But for IT managers acting as life guards on the corporate beach, enforcing network health and safety rules can get dicey.

      The experience of IT pros and the results of a new survey show that most clients arent getting the message about security and the Web. Or perhaps, they just dont care.

      The seemingly casual act of Web surfing was thrust into the spotlight last month when an administrative law judge in New York City argued that a city employee had been unfairly penalized for browsing travel and entertainment sites on company time.

      The judge likened Web surfing to reading the newspaper or taking a personal phone call, an acceptable downtime activity so long as it does not affect job performance.

      However, a number of readers said the judge was missing a vital point: the individual workers responsibility to the security of the network and even to the enterprise itself through his or her behavior when computing.

      “What in the heck is this all about? What does that judge know? Absolutely nothing about security, I guess. If you let your employees surf all they want then you are just asking for trouble. I just feel sorry for the IS departments that have to put up with that,” eWEEK talkback commenter Tvantine responded in reference to the report on the ruling.

      Without fail, the disparity between users perception of the safety of sites and e-mails they click on and the actual safety of those clicks is great.

      Just ask Howard Graylin, a senior technical analyst at Southern Farm Bureau, in Ridgeland, Miss., who remembers spending an entire weekend in 2000 disinfecting and patching up the mess left behind by an employee who opened a message with the I Love You worm.

      “We all started getting e-mails with the I Love You subject line from a girl that pretty much nobody gets along with. I was confused, but by the time I got the third one, I became suspect that it was a virus. Yet, not before an employee had opened the e-mail and infected the whole group,” Graylin told eWEEK.

      “It took us two full days to get everything patched and re-secured. I had to drive back to my house, download the patch, store it on a CD, and drive back to work because we had to shut down all of our connections.”

      Analysts suggest this disconnect between IT and clients is an all-too-common experience.

      According to security vendor Websense, almost one in five (17 percent) of organizations have had an employee launch a hacking tool or a keylogger within their network, up from 12 percent in 2005.

      /zimages/2/28571.gifRead more here about the myth of “safe surfing.”

      These results will be released in the companys seventh annual Web@Work survey on May 15.

      The survey also will report that 19 percent of IT decision-makers indicated that theyve had employees work-owned computers or laptops infected with a bot.

      Four out of five (81 percent) respondents said their employees had received a phishing attack via e-mail or IM, and of those nearly half (47 percent) said their employees have clicked through—this result was up from 45 percent in 2005.

      “Although employee awareness of Web-based threats such as phishing attacks and keyloggers is improving, the vast majority of employees still do not know that they could fall prey to these types of social engineering tactics in the workplace,” said Dan Hubbard, senior director of security and technology research at Websense, of San Diego, Calif.

      A phishing trends study by Websense released in 2005 found that only 4 percent of surveyed employees reported that they had ever fallen for a phishing e-mail, while the IT decision makers polled argued this click-through number was closer to 45 percent.

      “Organizations need to implement a proactive approach to Web security, which includes both technology to block access to these types of infected websites and applications, as well as rigorous employee internet security education programs,” said Hubbard.

      Next Page: Taking a proactive approach to clients and security.

      Taking a Proactive Approach

      to Clients and Security”>

      Taking a proactive approach to clients and security

      Some security analysts suggest companies take a range of proactive approaches to protecting their networks from what they view as one of their biggest security threats: employee misunderstandings.

      While some companies implement Internet use or acceptable use policies, others pursue a more aggressive route by installing policing software.

      A popular product is put out by SpectorSoft, and used by more than 10,000 companies to monitor their employees computers and Internet surfing activities.

      “[These companies] primary concern is that the average employee with an Internet connection at work spends between one and two hours a day surfing the Internet, and typically more than half of that time spent is not work-related,” said Doug Fowler, president of anti-spyware vendor SpectorSoft.

      “And some employees are spending more than half of their work day goofing off on the Internet. Companies are looking to identify the worst offenders and turn wasted time into productive time, and our software helps them do this because it allows them to see exactly how their employees are spending their time on the computer.”

      Companies that have implemented the software feel that theyve both boosted productivity and reduced their time patching security breaches.

      “Very often, wed find that the problem with an employees computer was that theyd clicked on a bad file, often from downloading music. Theyd download virus and it was contact work to clean their stuff,” said Chuck Benedon, former executive vice president for compliance at Ashton Finance in Brookfield, Wis. He said the monitoring software reduced virus attacks.

      “We fired more than one employee for consistently violating our computer policy,” Benedon said.

      Similar reactions were echoed among posting on the Web-surfing judicial ruling.

      “I may be old-fashioned in this respect, but the Internet connection at ones job, like the telephone, is the property of ones employer, and using it, especially on work time, for personal purposes, is theft from ones employer,” commenter KHFleischer said.

      In the case in question, the city workers employers clearly felt the same.

      On May 5, despite the judges recommendation that he receive only a reprimand for disregarding warnings to not surf the Web on company time, Toquir Choudri was fired for Web surfing.

      “The penalty of termination is appropriate and not shocking to ones sense of fairness,” Schools Chancellor Joel Klein said in a statement.

      Check out eWEEK.coms for the latest news, reviews and analysis on IT management from CIOInsight.com.

      Deborah Rothberg
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×