Tag Archives: Legal Liability

Show cyber threats who is boss in 2018.

Last year went by so fast. In between everyone’s normal busy schedule, most of us had to deal with natural disasters of some kind. For us at Wavecrest, it was Hurricane Irma as well as an above average rainy season. For others, it was Harvey and Maria, as well as fires, flooding,  earthquakes, remnants of storms causing wind damage–the list last year seems to be endless.

2017 also brought on some notable cyber events with the Equifax breach as one of the top incidents. 2017 was definitely a year for the books. You may have also noticed a shift in the business digital threat protection messaging. We at Wavecrest noticed . . . because it shifted to what we have always focused on. People.

People are a big part of the cyber threats that take place in businesses. No matter how automated things are, there is always the aspect of human interaction–human vulnerability. Humans inherently have vulnerabilities. It’s not a fault of one individual over another; it’s not about how good your employees are. There is a point where a business owner, manager, or decision-maker has to come to terms with managing Web use for the sake of the business over “my employees wouldn’t do that” or “I trust everyone working for me.” It may be true that you have the most trustworthy employees, but mistakes happen . . . even to the best of us. Cyber criminals focus on the easiest route first to gain access to your systems. Many times this is the employee, or human, vulnerability.

So . . . the new year is here. What can be done to improve managing employee Web use? The key is to make sure you pay attention to the human endpoint because it is not always about a failure in the actual technology. The firewall is great but if you have a weakness with an authorized user, the hacker will get past the firewall. Defend the human endpoint.

Consider these as a starting point and build on each or all!

  • MONITOR YOUR EMPLOYEES’ WEB USE! Sorry. It had to be said. If you do not know what is happening, you will not be able to know why, when, or where it happened. And you will not be able to make an informed decision on how to stop it from happening again. Remember that many times the human error that allowed for a breach may have been habitual or reactive so the employee’s memory of how it happened may not be very clear. Make sure to have visibility into the actual Web activity.
  • Analytics. Really another part of monitoring but noted separately due its importance and the flexibility of what you should be able to view and analyze. Find a Web activity solution that allows you to see relevant, drill-down data when you need it. Trends, customizable charts, by user or group, and real-time information on activity and bandwidth use are all things you should be able to analyze easily. All will allow you to expose abnormalities in user activity, identify potential insider threat behavior, flag possible legal liability issues, assess trends for data breach exposure, and observe patterns for lost productivity.
    • Hits versus Visits. This one deserves a sub-bullet. Make sure the Web-use management solution you choose has clearly defined Hits vs. Visits. Hits consist of unsolicited traffic, such as ads, and are not a reliable tracking metric on its own. Visits give you uncluttered, relevant Web activity detail based on user clicks and are a critical component to understanding human behavior. The last thing you want to do is try and sift through a bunch of data that is not even really relevant to the employee’s actual Web activity.

  • Filter. Yup . . . another suggestion that has the “but my employees are awesome” stigma to it. BUT let me just remind you that this is something that will provide another layer of security from phishing, malicious Web links, and data loss. I got your synapses firing now, don’t I! Filtering allows you to block or restrict URL link clicks that an employee may not be aware are malicious. Hackers have become increasingly precise in how things look. Very convincing e-mails and Web links are not rare anymore; they are commonplace. It is not really all about making sure your employee isn’t streaming YouTube all day. Although that should be managed as well, it should all be under your control. Allow it, don’t allow it, throttle it, or open it all up. The solution you choose should allow you to do it all, in your own customizable way.

The point is that the human endpoint is still a leading way threats get into your network. It may be through phishing, a malicious ad, or use of a unsanctioned cloud application, or it may even be a human error such as the delay of updating software. Whatever the issue, you have to be as proactive as possible to protect your network. Educate your employees continuously, have a comprehensive Web activity solution in place, make sure your Acceptable Use Policy is current, make sure patch management is an active process, and hug your IT people regularly because they are usually some of the busiest and stressed people in your organization.

Here is to showing the cyber criminals who is boss in 2018! Happy New Year!

About Wavecrest

Wavecrest has over 20 years of proven history of providing reliable, accurate Web-use management and Advanced Log File Analyzer products across various industries. Managed Service Providers, IT specialists, HR professionals, Forensics Investigators, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage the human factor in business Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Trusted by large government and commercial organizations such as US-CERT Homeland Security, U.S. Department of Justice, USPS Office of Inspector General, National Grid, Johns Hopkins, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Don’t let size fool you.

smallpower

 

Don’t be fooled by the name–CyBlock Mini Appliance is powerful, comprehensive, and worth every inch of its compactness.

Maintaining visibility throughout your workforce is key to running a secure business today. Don’t settle on just any solution that really doesn’t meet your needs. If you need coverage for a remote office, have limited space either in your server room or in your office, or are struggling with how to keep your business secure with a limited IT budget, Wavecrest has more choices than ever. No matter what business size or industry type, CyBlock Mini Appliance is likely to be just what you have been looking for.

The powerful Mini Appliance provides the comprehensive Web-use security capabilities of CyBlock, including HTTP and HTTPS URL filtering, comprehensive detailed reporting, secure guest Wi-Fi services with captive portal, advanced threat protection, bandwidth management, cloud services management, as well as coverage for non-HTTP activity, e.g., P2P, torrents, IM, and e-mail. Get all of this in one compact and economical package. The general size of a Wi-Fi hub, the Mini allows you to put it in the corner, on your desk, or in that tiny space you have left in your packed server room!

As a cost-effective choice for any business type or size, the robust, yet compact Mini Appliance provides the leading-edge, comprehensive Web-use security capabilities of CyBlock. Designed to fit every business environment, the Mini Appliance can be paired with CyBlock Appliance or deployed on its own, depending on the required Web-use security solution needs.

For more information on CyBlock Mini Appliance or any of our other products, please contact us today!

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Wait Until You Hear How Many Hours a Day an EPA Official Confessed to Watching Porn at Work

Bad-Press-PublicityIn today’s world, many if not most employees have access to the Web at work. For the most part, that’s a good thing, and in some cases essential.  Unfortunately, that same access has a dark side. That’s because certain workers will inevitably visit illicit or risky Web sites, and such visits can expose the organization to serious legal liability.  The most troublesome sites are those devoted to pornography.  Sites devoted to gambling, illegal drugs, hate speech and criminal activity can also create legal issues, albeit to a lesser extent.  In addition to exposing the organization to legal liability, visits to inappropriate sites cause other serious issues such as lost productivity and wasted bandwidth.

To read the full article about the EPA official click here.

 

For more information about Wavecrest’s product offerings.

Toll Free:

877-442-9346 (U.S. and Canada) Ext. 3

E-Mail:

sales@wavecrest.net

Website:

https://www.wavecrest.net

            

Cyfin Release 8.8.3 and CyBlock Release 6.8.3 Now Available

We are pleased to announce the release of three new audit reports in the new versions of Cyfin and CyBlock, which can provide management with detailed Web-use data on specific employees. These audit reports could be of interest to corporate IT forensic personnel, law enforcement agencies, anyone in the legal community, and forensic criminal investigators. They are capable of processing large amounts of log file data and support several types of log file formats such as Blue Coat and IronPort. The new reports are as follows:

  • Search Terms Audit Detail – The report shows search terms that users entered on popular search engine sites such as Google. It includes an option to show “prefetched” search results that were performed as the user was typing. These results are referred to as keystroke searches. This report can be used as a tool to aid in forensic investigations. It also indicates the number of search terms entered and can give the details of a user’s keystrokes.
  • Denied Detail – The report shows the specific URLs to which users were denied access. The data is broken out by user. Each Web page attempt is displayed with its corresponding category. Denied attempts for a Web page can signify that the user may not be authorized to receive the page, the page may not have been found by the Web server, or the page may have been blocked for access. If you have Web filtering enabled, this report can verify that it is working and is a very useful supplementary tool for individual user audits.
  • Legal Liability Detail – The report shows the specific URLs of Legal Liability Web activity by user, that is, visits to only the Anonymous/Public Proxy, Cults, Drugs, Gambling, Hate and Crime, Malware, and Pornography categories that pose a legal liability risk. By reporting on only these categories, smaller, more focused reports are available to facilitate analyses, investigations, and audits related to legal liability issues.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Monitoring Internet Usage … From the IT Department

During July, August, and September of 2011, Commtouch assessed categories of Web sites most likely to be home to malware, below are the top ranking offenders.  The Portals category includes those sites offering free hosting which are often abused to publish malware and phishing content or will redirect to sites with this content.

What were the most-visited categories by your employees during 2011?

Are you currently monitoring and/or blocking the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network?

Source: Commtouch

In today’s wired workplace, internet security and bandwidth consumption are top concerns for IT professionals while employee productivity and legal liability ail management and HR professionals.  As a major contributor to the Web-use management effort, IT typically becomes deeply involved in planning, testing, selecting, installing, and administering Internet monitoring software.  With the different departments playing a role in deciding on the best product to fit their vast needs, most are left without a solution.  Fortunately, Wavecrest’s products have been reviewed by our customers as meeting each role’s needs most effectively, offering manager-ready, easy-to-interpret reports that can be accessed without the IT personnel in addition to providing a robust, truly scalable IT-friendly remedy.

With Wavecrest Computing, customers have the insight needed to proactively monitor / block the notorious malicious sites based on custom categories, the Wavecrest Control List, and a real-time deep packet analysis process.  Plus, our 19 comprehensive templates provide a variety of summarized and detailed Web-use activity reports on users, groups, categories, sites, acceptability ratings, and bandwidth consumption.  Conveniently import your current Web Use Policy to easily customize or classify categories, implement abuse thresholding, and monitor employee productivity while our Administrator and Operator Accounts allow for non-IT personnel to create and obtain their role-specific reports.

While serving a diverse mixture of commercial businesses, industrial firms, government agencies, military units, educational institutions, and non-profit organizations since 1996, our products continue to present the most up-to-date, proactive coverage in line with the one factor that underlies all Web-use management issues, human online activity. Wavecrest’s managers and developers understand human resource management well and we use that knowledge to develop features that prevent productivity losses, legal liability problems, network issues, and unnecessary costs.

Online Holiday Shopping Can Cost Your Business More Than Time

Online Shopping Risks

Cyber Monday is no more – in an uncertain economy, post-Thanksgiving online holiday shopping has increased since coined in 2005 and now lasts for one month with more than 50% of all online spending taking place during working hours1.  What does this mean for your business?  A large decrease in employee productivity, a boost in bandwidth consumption, and one of the most popular times for cybercriminals to attack your secure data.

Lost productivity can mean big bucks for your company, reducing employee output to a mere 60%2.  A survey by CareerBuilder states that more than half of the 4,000 respondents polled intend on shopping online while at work with one third of those planning for more than one hour each day, in addition to the two typical hours daily already reported by respondents (time excludes lunch hour and scheduled breaks).  If you do not have a Web-use policy or Internet Acceptable Use Policy (AUP) in place, one is necessary to help report, monitor, and prevent employee Internet abuse in addition to protecting your company from legal liability.

Downloading malware is another risk as employees use the Internet for personal reasons. Spyware and malicious code are big threats to company networks as they can consume bandwidth and compromise security.  Recent studies show that company networks are being infected with spyware and malicious code most often through employees surfing the Web; with the holidays increasing that risk, these threats make it imperative for companies to enforce an AUP to protect their networks. Wavecrest Computing suggests that companies monitor and/or filter employee Web use in order to better protect themselves from security threats. In addition to the inherent risks associated with hacking your online security – loss of company reputation, destruction of company data, and the downtime employees face while systems are restored – the costs to mitigate attacks are extraordinary and rising each year.  This year, U.S. companies are expected to spend more than triple the costs spent in 20063.

To ensure these threats do not happen to your company this holiday season, run through our checklist and remember to check it twice!

  • Install all applicable system and program updates to avoid malware from infiltrating any system frailty that could have easily been patched with an update.
  • Create a Web usage policy and clearly communicate it to your employees.
  • Be cautious prior to clicking on links to different websites particularly those found on social networking sites as they’re often a hotspot for malware.
  • Avoid the use of pirated / illegal software as many contain malware.
  • Never open email attachments from unknown senders and make sure to scan attachments you do decide to download.
  • Make steps to consistently back up your computer in the case that malware wipes your hard drive clean.
  • Monitor servers and security devices 24x7x365 for security issues and require preventative actions be taken on security threats in real time – this is where we come in!

CyBlock can be set up to block Web access by categories and by hour so employees can access shopping sites on their lunch break or after hours. This approach can help sustain morale while minimizing the risks associated with online shopping.  With Cyfin, you can monitor employees’ Web use to ensure that Web-use policies are followed or that unwanted spyware or malware is not downloaded as a result.  Let us guide you to a safer, more reliable, robust security solution with exceptional support at an unbeatable price!

Sources:

1https://blog.comscore.com/2011/11/cyber_monday_work_computers.html

2 https://www.wavecrest.net/editorial/costsavings.html

3https://money.cnn.com/galleries/2011/technology/1107/gallery.cyber_security_costs/index.html?iid=EL

 

Web Use in the Workplace: Risks and Solutions

Approximately 20% of personal Internet use at work poses potential threats to the employer. Web access in the workplace can be a valuable business tool, but it also carries significant risks. Check out our presentation that discusses the risks associated with Web use and why monitoring and filtering helps mitigate those risks.

 

Cut Costs with Wavecrest’s Internet Filtering, Monitoring and Reporting Products

It has always been important to know that your company’s resources are being used properly and to the best of their capability.  Businesses want to ensure that their employees are being productive and not wasting the organization’s time and resources.

Internet access is one of those resources that can easily be abused, costing an organization time and money. Internet filtering and/or monitoring with one of Wavecrest’s Cyfin or CyBlock products can help preclude or drive down costs in at least four areas: productivity, bandwidth, legal liability and security.

1. Productivity

  • The average worker admits to frittering away 2.09 hours per 8-hour workday, not including lunch and scheduled break-time (America Online and Salary.com survey, 2006).
  • The average employee costs a company $29.71 per hour (including salary, overhead costs, benefits, payroll taxes, etc.) —- United States Department of Labor Bureau of Labor Statistics — March 2010.
  • Lost productivity costs the company $59.42 per day per employee (2 hrs x $29.71).
  • Average employee works 240 days per year.
  • Yearly loss per employee is $14,260.80  (240 x $59.42)
  • Loss per 1000 employees is $14,260,800 per year.
  • Average cost for a Wavecrest Internet filtering or monitoring product with a 1000-employee license is $3,500 per year ($3.50 per user).

Conclusion:  Cost of a Wavecrest license is less than three tenths of one percent of the cost of lost productivity. A well-communicated Web-use policy, coupled with an effective monitoring product, greatly increases productivity in the workplace.

2.  Bandwidth

Reliable studies indicate that as much as 70% of a company’s bandwidth is being consumed by non-productive pursuits. Activities such as online video, audio streaming, downloading movies or MP3’s are especially damaging.  It is quite clear that eliminating or significantly reducing bandwidth abuse can improve network performance and preclude or decelerate the need for organizations to support increased bandwidth use.

3.  Legal Liability

Web-related legal costs typically result from employees visiting pornography sites.  Many studies show this to be a serious problem. In fact, according to research by Nielsen Online in October 2008, one quarter of employees who use the Internet visit porn sites during the workday.  Hits to porn sites are higher during office hours than at any other time of day, according to M.J. McMahon, publisher of AVN Online magazine, which tracks the adult video industry.

This type of activity puts the employer at serious risk of being sued by other workers who are offended or upset by being exposed to pornographic images. Such suits usually take the form of sexual harassment or hostile workplace litigation and can be very costly in terms of damage to reputation as well as legal costs.

4.  Security

Studies show that approximately twenty percent of personal use of the Internet by employees involves activities that pose potential threats to employer network security. Examples include file sharing, the use of malicious code, spyware and more. Like bandwidth abuse, the associated costs are difficult to quantify, but such activities can easily result in network disruptions or slowdowns and/or loss or compromise of proprietary data; these all come with a cost.

Stop A Pornography Surfing Problem Before It Starts: Why Monitoring Is Important

USA Today reported today that “several top Security and Exchange Commission staffers surfed porn sites as economy teetered.”  While many of us like to think that “everyone” knows it’s inappropriate to surf porn at work using the office computer, time and time again stories like these still pop up.  While whether or not to allow social networking in the office and how to control the use of these sites seems to be the big surfing topic today, apparently we still cannot forget about pornography.  Pornography poses several risks to businesses and government agencies. These include productivity losses, security issues and legal liability.  No matter how strict or lenient your acceptable use policy is, one thing is clear.  Communicating your Web-use policy and regularly monitoring employees’ Web use is important.  You want to stop the problem before it starts or turns into an employee spending “up to eight hours a day looking at and downloading pornography.”

Source: https://content.usatoday.com/communities/ondeadline/post/2010/04/ig-report-several-top-sec-staffers-surfed-porn-sites-as-economy-teetered/1

Social Networking or Social Not-working?

Social networking in the workplace is a major dilemma for today’s businesses. Does it help or hurt the organization? While some companies block social networking, some say it helps by enhancing collaboration among employees, partners and customers. Others say it hurts by draining productivity and bandwidth and creating legal liability and network security risks.

A survey conducted by Nucleus Research showed that 77 percent of workers who have a Facebook account use it during work hours. Of those who do use Facebook at work, 87% said they could not define a clear business reason for accessing the site and some reported using it as much as two hours per day.

So, in the face of all the countervailing views, just what is the best approach to the issue? Options include banning it altogether, using it with no restrictions, and employing it for business purposes only.

The short answer is, “It depends.”

That is, for any one organization, the answer really depends on management’s views on a number of issues. Among these are the nature and objectives of the business, organizational culture and managerial style, workforce morale factors, workforce demographics and skills, availability of technological solutions, and the need for external communications.

We are often asked about this issue.  So we developed this paper to share our knowledge and views. It explores various aspects of the issue, cites some relevant facts, and provides several recommendations. Our hope is that this information will help organizations that are struggling today with this contemporary and very important issue.

Read the full white paper: Social Networking or Social Not-working?