Make sure employee online Christmas shopping doesn’t become a business security issue

(14/12/2009)

This Christmas, with online sales expected to reach £5 billion, perhaps shoppers can learn a few lessons from the Ghosts of the Charles Dickens classic, A Christmas Carol.

As the Christmas shopping season gets underway, most Internet users won’t benefit from a visit from the Ghost of Christmas Past to warn them of the dangers of online shopping – a perennial target of cybercriminals attempting to steal confidential financial and personal information from unsuspecting shoppers.

For those same online shoppers, a visit from the Ghost of Christmas Present would be sure to bring surprises. Two-thirds of all known web malware was discovered in 2008 alone, and that growth has continued unabated in 2009. The first half of 2009 saw a whopping 585% increase in phishing scams that targeted more than 300 recognised brands. Now, hackers are optimising popular search engine results (Zhu Zhu pets anyone?) to trick users into unknowingly downloading malware.

Considering that more than half of all employees use their work laptops to shop online, this becomes a major security issue for organisations. What happens when these employees bring malware back to the corporate network?

Desktop anti-virus with daily updates and firewalls with packet-layer inspection provide protection from some types of network threats. Yet they don’t provide the full protection needed to guard against dynamic web attacks that infect popular websites or phishing scams that take advantage of inherent user trust in legitimate sites, well-known brands and search engines. Drive-by malware downloads and fake alerts (such as “Your Flash player is out of date”) are now the leading vectors for infections, and to protect against those, organisations need an additional layer of web protection.

To augment their traditional defenses, organisations should consider a Web security solution that combines web content categorisation and deep threat analysis technologies to identify emerging and evolving threats. This will enable them the protect users from the latest threats regardless of where they are situated.

Today, the average website is made up of a dozen sub domains and URL links from servers that can be easily compromised by cyber criminals. To ensure the best protection, organisations need full visibility into all new and unknown web links through real-time URL analysis and categorisation. In turn, that intelligence must be immediately available to all users without requiring updates or other software downloads for protection. With this on-demand security intelligence, business users are protected at home, on the road or on the corporate network.

This holiday season don’t wait for a visit from the Ghost of Christmas Yet to come to tell you of the damage sustained by these threats to your organisations web security. Make a Christmas list that includes a next-generation Web defense for your 2010 budget. This year’s malware and phishing epidemic makes it unlikely you’ll get a “Bah Humbug” in return.

Related topics:  Hacking and intrusion prevention   Internet and Web security   Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources