Your Employees and Their 917 Different Cloud Apps. Are You a Sitting Duck?

Tuesday, May 3rd, 2016

targeted duckEvery day someone in your company is using a cloud app. Actually, it is probably more like every minute. Let’s not go into the personal versus work devices on the company network, or whether it is Facebook or Dropbox they are using. Those details don’t really tend to matter when the access allowed is for your own business to decide. It is about the sheer number of cloud services and apps in use in the enterprise today, the visibility in knowing what they are, and the many employees who are left out of the conversation.

We hear managers talk about how it can’t happen to them. They have the best employees, and the discussion is unnecessary. It is already understood–they would NEVER do that! Or our favorite–big brother–the need to let your employees know you really trust them and respect their privacy by allowing them to do what they think they need to do on their own. But that’s not going to protect your business when malware hits or a breach happens . . . and the chances of these happening to you are growing exponentially every day, especially when you are not communicating security issues with your employees.

With all the headlines being about Shadow IT, malware, data loss, intrusions, and ransomware, you would think it would be a common workplace discussion. But based on some recent surveys, companies aren’t saying much internally.

Some numbers that may surprise you. What percentage of employees:

  • Have not been told the right way to download/use cloud applications: almost 60%
  • Have not been told risks of downloading cloud apps without IT’s knowledge: just under 40%
  • Have not been told how to transfer and store corporate data securely: over 40% !!!!

To keep things in perspective–studies are showing that on average, enterprises have 917 different cloud apps in use!

This is not a respect for privacy issue. It’s a security issue, for your business and for your employees! Keeping them in the dark does not show them respect or protect them, it makes them victims before anything even happens.

As technology gets stronger, we as individuals have more decisions on what we use to make our lives, including work, more efficient. But if you do not educate and communicate regularly about cyber threats with your employees, have real visibility into their Web usage, or have a clear, agile Acceptable Use Policy (AUP), you are basically a sitting duck.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit http://www.wavecrest.net.

 

*Stats based on surveys from Softchoice and Netskope.

Wavecrest, the leader in Web security, and Check Point have announced a partnership.

Thursday, August 13th, 2015

CF_Full_FWavecrest Computing, a leading global provider of advanced Web security solutions, and Check Point Software Technologies have announced a technology partnership.

Wavecrest’s Cyfin, along with Check Point log files, efficiently and accurately make for an easy-to-manage, cost-effective log file analyzer and reporter. This integration easily addresses collection and analysis of Web-use activity data by producing rapid, accurate, and actionable, manager-ready reports for audits, investigations, or distribution. Predefined reports, such as top users or sites, bandwidth, legal liability detail, and user audit detail, as well as the benefit for managers to run selected user reports by department, provide visibility into every aspect of enterprise Web-use activity. Learn more at: https://www.wavecrest.net

Monitoring Internet Usage … From the IT Department

Tuesday, January 31st, 2012

During July, August, and September of 2011, Commtouch assessed categories of Web sites most likely to be home to malware, below are the top ranking offenders.  The Portals category includes those sites offering free hosting which are often abused to publish malware and phishing content or will redirect to sites with this content.

What were the most-visited categories by your employees during 2011?

Are you currently monitoring and/or blocking the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network?

Source: Commtouch

In today’s wired workplace, internet security and bandwidth consumption are top concerns for IT professionals while employee productivity and legal liability ail management and HR professionals.  As a major contributor to the Web-use management effort, IT typically becomes deeply involved in planning, testing, selecting, installing, and administering Internet monitoring software.  With the different departments playing a role in deciding on the best product to fit their vast needs, most are left without a solution.  Fortunately, Wavecrest’s products have been reviewed by our customers as meeting each role’s needs most effectively, offering manager-ready, easy-to-interpret reports that can be accessed without the IT personnel in addition to providing a robust, truly scalable IT-friendly remedy.

With Wavecrest Computing, customers have the insight needed to proactively monitor / block the notorious malicious sites based on custom categories, the Wavecrest Control List, and a real-time deep packet analysis process.  Plus, our 19 comprehensive templates provide a variety of summarized and detailed Web-use activity reports on users, groups, categories, sites, acceptability ratings, and bandwidth consumption.  Conveniently import your current Web Use Policy to easily customize or classify categories, implement abuse thresholding, and monitor employee productivity while our Administrator and Operator Accounts allow for non-IT personnel to create and obtain their role-specific reports.

While serving a diverse mixture of commercial businesses, industrial firms, government agencies, military units, educational institutions, and non-profit organizations since 1996, our products continue to present the most up-to-date, proactive coverage in line with the one factor that underlies all Web-use management issues, human online activity. Wavecrest’s managers and developers understand human resource management well and we use that knowledge to develop features that prevent productivity losses, legal liability problems, network issues, and unnecessary costs.

What’s Hogging Your Company’s Bandwidth? Causes for Slow Network Speed this Holiday.

Friday, December 2nd, 2011

If you haven’t noticed, online holiday shopping lasts well beyond Cyber Monday.  According to a ComScore report, after the 2010 holiday shopping season, more than 85% of Americans online visited a retail site in December of last year.  Employees shopping online at work are likely causing critical applications, like Voice over IP (VoIP) and video conferencing, to perform poorly if at all.  The last thing you and your company need is network latency or slowdowns due to non-work related online activity.  Many of our clients are seeing a spike in bandwidth usage from shopping websites and have quickly taken measures to filter browsing to that category.  Which sites consumed the most bandwidth for your company this month?  Determine what factors are impacting your network speed before you decide to purchase more bandwidth – an expense that could be avoided with the right tools and a bit of discipline.

With 19 different types of highly customizable employee Web-use reports, Cyfin Reporter offer insights as to which types of traffic consume the maximum volume throughout the workday.  Monitor, filter, and report over 500 million Web pages in 74 categories and set throttling thresholds for sites that are slowing your company’s Internet speed with CyBlock Proxy.  Now is the time to address your poor network performance, slow applications, and bandwidth congestion.

We’re so sure you’ll benefit from our solutions that we offer a free 30-day product trial. Both products provide quantified data to help IT personnel keep track of bandwidth utilization by users as well as by type of usage (appropriate versus not so appropriate). After you’ve downloaded our products, take advantage of the User Comparison Trend Chart to detect unexpected spikes that could indicate excessive bandwidth or Web use.  Then review your Top Sites Bandwidth Chart (example seen below) and find out which ten sites are consuming the most bandwidth or had the most hits or visits for the time period you specify.

Top Sites Bandwidth Chart

 

Top Sites Bandwidth Chart for both Cyfin and CyBlock

Online Holiday Shopping Can Cost Your Business More Than Time

Tuesday, November 22nd, 2011

Online Shopping Risks

Cyber Monday is no more – in an uncertain economy, post-Thanksgiving online holiday shopping has increased since coined in 2005 and now lasts for one month with more than 50% of all online spending taking place during working hours1.  What does this mean for your business?  A large decrease in employee productivity, a boost in bandwidth consumption, and one of the most popular times for cybercriminals to attack your secure data.

Lost productivity can mean big bucks for your company, reducing employee output to a mere 60%2.  A survey by CareerBuilder states that more than half of the 4,000 respondents polled intend on shopping online while at work with one third of those planning for more than one hour each day, in addition to the two typical hours daily already reported by respondents (time excludes lunch hour and scheduled breaks).  If you do not have a Web-use policy or Internet Acceptable Use Policy (AUP) in place, one is necessary to help report, monitor, and prevent employee Internet abuse in addition to protecting your company from legal liability.

Downloading malware is another risk as employees use the Internet for personal reasons. Spyware and malicious code are big threats to company networks as they can consume bandwidth and compromise security.  Recent studies show that company networks are being infected with spyware and malicious code most often through employees surfing the Web; with the holidays increasing that risk, these threats make it imperative for companies to enforce an AUP to protect their networks. Wavecrest Computing suggests that companies monitor and/or filter employee Web use in order to better protect themselves from security threats. In addition to the inherent risks associated with hacking your online security – loss of company reputation, destruction of company data, and the downtime employees face while systems are restored – the costs to mitigate attacks are extraordinary and rising each year.  This year, U.S. companies are expected to spend more than triple the costs spent in 20063.

To ensure these threats do not happen to your company this holiday season, run through our checklist and remember to check it twice!

  • Install all applicable system and program updates to avoid malware from infiltrating any system frailty that could have easily been patched with an update.
  • Create a Web usage policy and clearly communicate it to your employees.
  • Be cautious prior to clicking on links to different websites particularly those found on social networking sites as they’re often a hotspot for malware.
  • Avoid the use of pirated / illegal software as many contain malware.
  • Never open email attachments from unknown senders and make sure to scan attachments you do decide to download.
  • Make steps to consistently back up your computer in the case that malware wipes your hard drive clean.
  • Monitor servers and security devices 24x7x365 for security issues and require preventative actions be taken on security threats in real time – this is where we come in!

CyBlock can be set up to block Web access by categories and by hour so employees can access shopping sites on their lunch break or after hours. This approach can help sustain morale while minimizing the risks associated with online shopping.  With Cyfin, you can monitor employees’ Web use to ensure that Web-use policies are followed or that unwanted spyware or malware is not downloaded as a result.  Let us guide you to a safer, more reliable, robust security solution with exceptional support at an unbeatable price!

Sources:

1http://blog.comscore.com/2011/11/cyber_monday_work_computers.html

2 http://www.wavecrest.net/editorial/costsavings.html

3http://money.cnn.com/galleries/2011/technology/1107/gallery.cyber_security_costs/index.html?iid=EL

 

Wavecrest Computing: Fourteen Years of Internet Monitoring and Filtering

Tuesday, November 9th, 2010

Wavecrest Computing, a leading developer of Internet usage management products, has now been in business for fourteen years. Since 1996, from their base in Melbourne, Florida, Wavecrest Computing has developed, marketed and supported a spectrum of innovative Internet monitoring and reporting solutions. Their products help all types of organizations manage employees’ online activities and ensure compliance with acceptable use policies. Starting fourteen years ago with a single customer, their client base has grown to more than 3,000 organizations, many of them Fortune 500 companies and high profile government agencies.

What makes Wavecrest stand out from competitors is their on-going commitment to customer service. When customers call, they talk to a real person from Wavecrest’s Melbourne, Florida location, and they get personalized attention. Their support personnel know that customer satisfaction is key to the company’s (and their own) success. For years these dedicated men and women have listened to Wavecrest customers and made sure that Wavecrest consistently delivers the products and services needed to meet the many dynamic challenges associated with use of the Internet in the workplace.

Those challenges have certainly evolved over the years. Examples include the very real and seriously increasing risks of social networking, video streaming and other Web 2.0 technologies that produce productivity losses, bandwidth drains, legal liability, and network security threats in the workplace.

As the Internet grows and the challenges escalate, Wavecrest has kept pace every step of the way.

Taking a look at Wavecrest’s product history, they started with a basic software application called ProxyReporter. It read and analyzed employers’ outbound Web logs. From that data, it then produced reports that helped management and IT monitor employees’ use of Web access.

As the Internet became more sophisticated, Wavecrest went on to develop a series of increasingly robust Web-use monitoring and filtering products designed to suit a variety of customers and network infrastructures. Their monitoring products now include Cyfin Reporter–a highly sophisticated and scalable logfile analyzer/reporter–and Cyfin Proxy, a standalone Web proxy/monitor/reporter. Their combination filtering/reporting products include CyBlock for ISA/TMG–a combination filter/reporter system for use with Microsoft ISA and TMG products–and CyBlock Proxy, a standalone proxy/filter/reporting solution.

Wavecrest’s latest innovation is CyBlock Appliance, a hardware based Internet-usage management device. Designed to monitor and help control use of all Internet protocols, CyBlock Appliance is a standalone proxy, monitor, filter and reporter.

Through the years, Wavecrest products have been well received and proven to be highly reliable and cost-effective. They are all backed with a 90-day money-back guarantee. Wavecrest frequently incorporates new features to keep up with the ever-changing Internet and marketplace demands. Dennis McCabe, VP of Business Development, states, “Our main goals at Wavecrest are to provide outstanding customer service and a reliable and robust product that stands above the competition.”

About Wavecrest
Founded in 1996, Wavecrest Computing is a recognized B2B leader in policy-based Web-use management solutions. The company’s products are relied on by IT personnel, HR professionals and business managers around the world to proactively address issues of Internet abuse, legal liability, security threats, workforce productivity and misuse of bandwidth. Wavecrest has been profitable since 1997, and sales have increased steadily since then. Among their more than 3,000 clients are Procter & Gamble, British Telecom, US Department of State, Edward Jones, IBM, IKEA, MillerCoors, Siemens, Burlington Northern Santa Fe Railway (BNSF) and a growing list of global enterprises and government agencies.

Stop A Pornography Surfing Problem Before It Starts: Why Monitoring Is Important

Friday, April 23rd, 2010

USA Today reported today that “several top Security and Exchange Commission staffers surfed porn sites as economy teetered.”  While many of us like to think that “everyone” knows it’s inappropriate to surf porn at work using the office computer, time and time again stories like these still pop up.  While whether or not to allow social networking in the office and how to control the use of these sites seems to be the big surfing topic today, apparently we still cannot forget about pornography.  Pornography poses several risks to businesses and government agencies. These include productivity losses, security issues and legal liability.  No matter how strict or lenient your acceptable use policy is, one thing is clear.  Communicating your Web-use policy and regularly monitoring employees’ Web use is important.  You want to stop the problem before it starts or turns into an employee spending “up to eight hours a day looking at and downloading pornography.”

Source: http://content.usatoday.com/communities/ondeadline/post/2010/04/ig-report-several-top-sec-staffers-surfed-porn-sites-as-economy-teetered/1

Few Employers Have a Social Networking Policy in Place

Thursday, February 4th, 2010

A recent report by Manpower found that very few companies have policies regarding social networking use.  In fact, only 29% of US companies have a formal social networking policy in place.  Social networks are not only time wasters, but they can pose serious security risks or damage a company’s reputation if employees post confidential or harmful material about the company.  No matter what an employer’s stance is on social networking use in the workplace, it is highly recommended to have a policy in place and educate employees on that policy. Joseph P. Paranac, a shareholder in LeClairRyan’s Labor and Employment Group has offered Web-use policy suggestions on what companies should include.

If you’re unsure whether or not you want to block social networking, we have also written a paper that addresses the issues surrounding social networking use in the workplace, the importance of creating a policy, and monitoring or filtering employee’s Web use according to that policy.

White Paper: Social Networking or Social Not-working?

Source: http://www.emarketer.com/Article.aspx?R=1007493

Wavecrest’s RealTimePlus Filtering

Thursday, January 28th, 2010

RealTimePlus is our customer-configurable three-layer filtering process. It uses three layers of screening based on: (1) custom categories, (2) the Wavecrest categorization (control) list and (3) a real-time deep packet analysis process.

1. Custom Categories (the “First Layer”). ‘Custom categories’ supplement the standard categories. This enables you to better identify and control your users’ Web activity.   For example, you can create a custom category to:

  • Serve as a “white list” that contains all sites to which visits are allowed (while blocking all others).
  • Track and possibly block access to ‘standard’ sites that are not in the Wavecrest URL List but are of special local interest or concern.
  • Serve as a “black list” that contains all sites to be blocked (while allowing access to all others).
  • Track (but not block) visits to internal servers (intranet sites) and/or partner sites.

You can add custom categories at the Advanced Settings – Category Setup – Custom Categories screen. Then use the Advanced Settings – Category Setup – Edit URLs screen to add sites into your custom categories.

2. The Wavecrest URL List (the “Second Layer”). To accurately identify and categorize the vast majority of visits, Wavecrest products use a large, mature categorization control list.  This ‘control’ list consists of 69 ‘standard’ content-identification categories that is updated daily with URLs from around the world.  We recommend that you download the list daily to get the best filtering and monitoring coverage.   You can setup an automatic daily download of the list at the Administration – URL List – Schedule screen.

Another great customization feature with the control list is that you can add and move URLs in the standard categories.  For example, if you use Twitter as a Marketing tool but want to continue to block all other social networking sites, you can simply add www.twitter.com to the Marketing category.  You can make this change at the Advanced Settings – Category Setup – Edit URLs screen.

Finally, set your block/allow policies for your custom categories and standard categories at the Advanced Settings – Filtering Settings – Block Web Categories screen.

3. Deep Packet Analysis (the “Third Layer”). Using real-time ‘deep packet analysis,’ CyBlock can determine if the content of a URL is Flash, video streaming, audio streaming, images, Active X and more.  Any or all of these could be considered “inappropriate” and can be blocked.  You can also add your own extensions to be blocked.  You can block these types of content or add your own at the Advanced Settings – Filter Settings – Block Web Content screen.

Other Features

1. Hourly Blocking. You can block or allow categories at specific hours during the day.  For example, you may want to allow access to some categories during the lunch hour. You can set these hourly policies by clicking on the clock icon at the Block Web Categories screen.

2. Customizable Blocking Message. CyBlock comes with a standard blocking message, but you can configure the product to point to your own Web policy or personalized blocking message.  You can set this custom message at the Advanced Settings – Filter Settings – Web Blocking Message screen.

Don’t Forget to Update Your Web-Use Policy

Wednesday, November 4th, 2009

There has been a lot of buzz surrounding the use of social networks, i.e., Facebook, Twitter, LinkedIn, etc.,  in the workplace recently.  This is a great reminder to all organizations to take a look at their current Web-use policies and update them.

Reuters covered a recent seminar put on by LeClairRyanon covering “Key Issues in Labor & Employment Law,” where the importance of a policy for social networks was discussed.  The speaker, Joseph P. Paranac, a shareholder in LeClairRyan’s Labor and Employment Group, stated, “Inappropriate and unwise use of online social networking sites like Facebook and Twitter is a growing source of liability risk for employers, including discrimination, defamation and retaliation claims.”

He went on to offer some Web-use policy suggestions for employers.

“In order to have a successful policy on the use of social networking sites, Paranac told the audience, employers should stipulate that:

  • Employees may not comment or use any confidential information about the employer or discuss internal matters.
  • Use of online social networks should be limited to non-working hours, unless the use is for legitimate business purposes.
  • Employees’ comments should not be discriminatory or harassing.
  • Similarly, they should not be disparaging or defamatory to the employer’s business.

The veteran attorney also offered the following elements of a successful Internet and e-mail policy:

  • Employees should be trained on electronic communications equipment parameters and prohibitions.
  • All business systems and company-issued electronic communication equipment and data belong to the employer.
  • Systems and equipment must be used for appropriate and lawful business purposes only.
  • Employee use is subject to review/monitoring by the employer and employees who use employer equipment have no expectation of privacy.
  • Use of systems and equipment for harassment, discrimination, or defamation is strictly prohibited.
  • Disclosure of employer confidential information is strictly prohibited.
  • Warn employees of the penalties or policy violations.
  • Obtain a signed acknowledgment of employee receipt of policy.
  • Include a procedure for reporting violations.
  • Enforce the policy!”

Read the full article: TWEET: ‘I’m About to Testify in My Defamation Case!’