Mitigating web and email risks
The web has become crucial to modern enterprise and increasingly demonstrates a willing to collaborate online; in fact web collaboration is seen by many enterprises to be vital to future business success. While the web provides an ideal environment for collaboration, it also poses risks, particularly in terms of the leak of sensitive information which is exacerbated by social media. So it is essential that businesses recognize these threats and take actions to mitigate them. Here we suggest a number of simple measures that can be taken in order to stay safe.
The first of these is to develop a corporate policy and ensure that all employees adhere to it. This should focus on what is and isn’t permitted and should be regularly reviewed.
Spyware is a serious problem though there are many ways of fighting it. For instance is can be halted at the gateway; it can be stopped at an individual workstation; it can be prevented from connecting home; and it can be stopped by detecting and eliminating active content from documents.
Every day there are literally millions of new websites of a dubious nature, and it is important that these are blocked. This can be achieved by URL filters using public database sources and personal blacklists.
Container files are always potentially dangerous, for instance an ordinary looking spreadsheet could be a vehicle for transmitting a virus. Zip files are particularly hazardous as a single one could infect a system with literally hundreds of malware items.
It is also important to be vigilant regarding outbound documents. For instance it is quite possible for an employee to accidently include sensitive information, say a spreadsheet in a word document; customer information in a ZIP file; metadata that includes all of the revisions a document has undergone. In order to deal with both of these problems is it important that all container files are examined for hidden content and any that is detected should be removed.
As well as the potential dangers in downloads, there are also risks in uploads, particularly in the case of social media. Cloud based services such as Dropbox exacerbate the problem of sharing and leaking sensitive information. There are also potential copyright problems when employees share media files.
The benefits of social networking have been recognized by many organizations both for employee motivation and customer contact. However they can also have a negative impact on productivity if employees become over-involved in them. Time spent using social networks should be monitored and controlled.
Many of the dangers inherent in email can be dealt with through a secure email gateway either on- premises or a hosted email gateway in the cloud. For instance the Mimecast email security system provides cloud based email that is essentially totally free from risk. It includes email encryption, eliminates threats and is completely compliant with all data security requirements.