Tag Archives: employee monitoring

HR is best suited to bring all company stakeholders together to ensure safe and productive Internet access

employee Web-use management

My discussion here is about the suitability of HR being the hub for employee Web-use management where all company stakeholders are brought together to ensure safe and productive Internet use by all employees. For one, HR’s expertise typically includes personnel policy, codes of conduct, labor relations, workforce training, legal compliance issues, and workforce morale, all of which relate to the employee Web-use management issue. Because of their expertise in policy, training, and processes, HR is in the best position to coordinate the tasks of proposing and developing solutions to ensure that employee Web use is properly managed. After all, Web-use management is not just an IT issue. It is all about employee behavior, productivity, and morale. What Internet-use people issues are you seeing in your company? How are you solving them?

Communication is key in HR’s collaboration with managers, IT, and employees in the company. Starting at the top of the company, HR can educate senior managers on the importance of employee Web-use management, get their input, and keep them involved. By collaborating with IT whose access to highly accurate Web-use reporting and filtering tools can produce easy-to-consume Web activity data, HR can keep upper management apprised of pertinent employee Web behavior. This allows HR to contribute to the organization’s profitability and help keep the company out of severe legal difficulty–important business objectives for senior managers.

As the focal point in the employee Web-use management effort, HR can also schedule Web-use training programs for managers and employees, coordinating with Legal, IT, or department managers who observe a need or have the specific knowledge to train the workforce. Training could include instruction on the proper use of network resources, how to recognize a phishing e-mail message, how to detect malware symptoms, how to recognize and report other online threats, and other Web-use topics. Essentially, training would teach employees how to use Web access productively and safely. In this way, all areas of the company play an important role in proper network resources and policy training that would have a significant impact on corporate Web security. Are these types of training programs taking place in your company?

Another HR task would be to communicate the company’s Acceptable Use Policy (AUP) to the workforce by providing it in writing or electronically, requiring a signature to indicate acceptance of the policy. If you do not have a policy, HR, in collaboration with IT, Legal, and senior managers, would be well-suited to establish a sound AUP consistent with your company’s culture. Once the policy is created, HR can work with functional managers and IT to ensure optimum implementation of the policy. As Web activity is analyzed over time, HR can revise the policy as necessary. Managers and HR would work together to ensure employees are complying with the Web-use policy. Along with managers, HR would be involved in specific cases of policy noncompliance.

In communicating the policy to the workforce, HR would focus on promoting the interest of the company as a whole, while helping to maintain or improve employee morale. Managing employees’ use of Web-access resources is a sensitive and complex task, one that involves communicating with all groups–senior managers, managers, IT, and employees–and deals with policy, training, and continuous improvement processes. With HR as the hub, the continuous improvement process would involve the frequent review of employee Web use, new Web services introduced into the network, and new security threats, as well as modification of work processes and appropriate revision of the AUP.

All areas of the company can help manage employee Web use effectively. In the next articles, we will examine more closely IT’s role in employee Web-use management, the requirements of an effective Web-use management program, developing a sound AUP consistent with corporate culture, and other topics related to the human factor of data security.

Please let me know your thoughts on and reactions to this article and my questions by adding a comment. If HR is leading the Web-use management efforts in your business, in what other ways are they collaborating with others in the company?

Show cyber threats who is boss in 2018.

Last year went by so fast. In between everyone’s normal busy schedule, most of us had to deal with natural disasters of some kind. For us at Wavecrest, it was Hurricane Irma as well as an above average rainy season. For others, it was Harvey and Maria, as well as fires, flooding,  earthquakes, remnants of storms causing wind damage–the list last year seems to be endless.

2017 also brought on some notable cyber events with the Equifax breach as one of the top incidents. 2017 was definitely a year for the books. You may have also noticed a shift in the business digital threat protection messaging. We at Wavecrest noticed . . . because it shifted to what we have always focused on. People.

People are a big part of the cyber threats that take place in businesses. No matter how automated things are, there is always the aspect of human interaction–human vulnerability. Humans inherently have vulnerabilities. It’s not a fault of one individual over another; it’s not about how good your employees are. There is a point where a business owner, manager, or decision-maker has to come to terms with managing Web use for the sake of the business over “my employees wouldn’t do that” or “I trust everyone working for me.” It may be true that you have the most trustworthy employees, but mistakes happen . . . even to the best of us. Cyber criminals focus on the easiest route first to gain access to your systems. Many times this is the employee, or human, vulnerability.

So . . . the new year is here. What can be done to improve managing employee Web use? The key is to make sure you pay attention to the human endpoint because it is not always about a failure in the actual technology. The firewall is great but if you have a weakness with an authorized user, the hacker will get past the firewall. Defend the human endpoint.

Consider these as a starting point and build on each or all!

  • MONITOR YOUR EMPLOYEES’ WEB USE! Sorry. It had to be said. If you do not know what is happening, you will not be able to know why, when, or where it happened. And you will not be able to make an informed decision on how to stop it from happening again. Remember that many times the human error that allowed for a breach may have been habitual or reactive so the employee’s memory of how it happened may not be very clear. Make sure to have visibility into the actual Web activity.
  • Analytics. Really another part of monitoring but noted separately due its importance and the flexibility of what you should be able to view and analyze. Find a Web activity solution that allows you to see relevant, drill-down data when you need it. Trends, customizable charts, by user or group, and real-time information on activity and bandwidth use are all things you should be able to analyze easily. All will allow you to expose abnormalities in user activity, identify potential insider threat behavior, flag possible legal liability issues, assess trends for data breach exposure, and observe patterns for lost productivity.
    • Hits versus Visits. This one deserves a sub-bullet. Make sure the Web-use management solution you choose has clearly defined Hits vs. Visits. Hits consist of unsolicited traffic, such as ads, and are not a reliable tracking metric on its own. Visits give you uncluttered, relevant Web activity detail based on user clicks and are a critical component to understanding human behavior. The last thing you want to do is try and sift through a bunch of data that is not even really relevant to the employee’s actual Web activity.

  • Filter. Yup . . . another suggestion that has the “but my employees are awesome” stigma to it. BUT let me just remind you that this is something that will provide another layer of security from phishing, malicious Web links, and data loss. I got your synapses firing now, don’t I! Filtering allows you to block or restrict URL link clicks that an employee may not be aware are malicious. Hackers have become increasingly precise in how things look. Very convincing e-mails and Web links are not rare anymore; they are commonplace. It is not really all about making sure your employee isn’t streaming YouTube all day. Although that should be managed as well, it should all be under your control. Allow it, don’t allow it, throttle it, or open it all up. The solution you choose should allow you to do it all, in your own customizable way.

The point is that the human endpoint is still a leading way threats get into your network. It may be through phishing, a malicious ad, or use of a unsanctioned cloud application, or it may even be a human error such as the delay of updating software. Whatever the issue, you have to be as proactive as possible to protect your network. Educate your employees continuously, have a comprehensive Web activity solution in place, make sure your Acceptable Use Policy is current, make sure patch management is an active process, and hug your IT people regularly because they are usually some of the busiest and stressed people in your organization.

Here is to showing the cyber criminals who is boss in 2018! Happy New Year!

About Wavecrest

Wavecrest has over 20 years of proven history of providing reliable, accurate Web-use management and Advanced Log File Analyzer products across various industries. Managed Service Providers, IT specialists, HR professionals, Forensics Investigators, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage the human factor in business Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Trusted by large government and commercial organizations such as US-CERT Homeland Security, U.S. Department of Justice, USPS Office of Inspector General, National Grid, Johns Hopkins, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Is your business’ human operating system secure?

Everyone is worried about operating systems, whether it is network operations, business operations, or a desktop operating system. The functionality of these intricate parts of your business are critical. But have you thought about your employees and how they operate? Today, your human operating system needs to be more than just making sure your employees are doing their job. Human vulnerabilities are a primary target for cyber criminals. Your human operating system, or the human factor, needs to be manageable and efficient, with tools in place that proactively support an open, yet secure, digital work environment.

Insider threats can be found at the top of headlines almost every day. Listen carefully to what each event tells you. It can happen to you, no matter how big or how small your business is. You don’t have to be a government organization to be susceptible to an insider threat. Insider threats can be a malicious employee who may be upset at the company, a good employee who just makes a mistake, or a targeted employee who unknowingly allows a malicious user into the network or access to proprietary data. Whatever the cause, there has to be tools in place to combat these human factor Web-use risks.

The human factor in business Web use is complicated in many ways. Hackers target natural human vulnerabilities and mistakes happen, employees can be sensitive to being singled out or afraid to admit the mistake, and fully blocking all access in today’s digital work world will likely just limit productivity and upset employees. The key? Visibility into the human factor. See how and when your employees use their Internet access. With that visibility into Web-use detail, you can then manage the usage to fit your unique business needs and gain a comprehensive, proactive way to secure and protect your business.

Securing and managing your enterprise’s human operating system in a proactive and efficient manner will help reduce cyber risks, such as phishing, malware intrusions, ransomware, data loss, employee misuse, legal liabilities, bandwidth hogs, shadow IT, and more. Find a solution that fits your business and your budget. Make sure it is flexible, easy to use, and easy to manage, allowing you to secure and shape employee Web-use–on your terms.

About Wavecrest

Wavecrest has over 20 years of proven history of providing reliable, accurate Web-use management and Advanced Log File Analyzer products across various industries. Managed Service Providers, IT specialists, HR professionals, Forensics Investigators, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage the human factor in business Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Trusted by large government and commercial organizations such as US-CERT Homeland Security, U.S. Department of Justice, USPS Office of Inspector General, National Grid, Johns Hopkins, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Employees are like Hacker Candy

Employees are still the central part of all our businesses. Even with all the technology, we still have people to run the operations. The human component of our business is the goal for most hackers. It is easier to find the human weakness than it is to find a network flaw. This human point of infiltration still needs attention, even when you feel your business is secure.

Hackers are smart and agile. It’s a full-time job for them. They don’t get called into meetings, get distracted by co-workers, or have to worry about receiving their W-2 in time for their tax advisors. Their focus is to get into your network using those distractions against your employees. Your employees are busy and focused on what they have to get done, many juggling multiple responsibilities. Hackers like these employees; it’s like candy to them.

Is there any one solution that will remove all risks? No. But there are ways you can help your employees protect themselves and your network. Ransomware, insider threats, phishing–there are so many threats that can halt operations that are critical to your business success. Be aware, prepare.

A combination of defenses helps you reduce the risks we all face in business today. Don’t assume one will solve everything. Develop multiple layers of proactive security. This can include anything from making sure your Acceptable Use Policy (AUP) is current or having consistent employee training, to firewall and virus protection, to Web-use comprehensive monitoring and filtering solutions.

It is also important to have a recorded and tested recovery plan in place. Make the assumption that a breach will happen. This way you are prepared. Most importantly, maintain current backups. Make sure that the backups are not accessible through your network!

The “one” solution to protect your business just doesn’t exist. Maintain a combination of defenses and solutions to cover as many risks as possible. Being proactive will pay off in the long run.

Trusted for over 20 years, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Don’t let size fool you.

smallpower

 

Don’t be fooled by the name–CyBlock Mini Appliance is powerful, comprehensive, and worth every inch of its compactness.

Maintaining visibility throughout your workforce is key to running a secure business today. Don’t settle on just any solution that really doesn’t meet your needs. If you need coverage for a remote office, have limited space either in your server room or in your office, or are struggling with how to keep your business secure with a limited IT budget, Wavecrest has more choices than ever. No matter what business size or industry type, CyBlock Mini Appliance is likely to be just what you have been looking for.

The powerful Mini Appliance provides the comprehensive Web-use security capabilities of CyBlock, including HTTP and HTTPS URL filtering, comprehensive detailed reporting, secure guest Wi-Fi services with captive portal, advanced threat protection, bandwidth management, cloud services management, as well as coverage for non-HTTP activity, e.g., P2P, torrents, IM, and e-mail. Get all of this in one compact and economical package. The general size of a Wi-Fi hub, the Mini allows you to put it in the corner, on your desk, or in that tiny space you have left in your packed server room!

As a cost-effective choice for any business type or size, the robust, yet compact Mini Appliance provides the leading-edge, comprehensive Web-use security capabilities of CyBlock. Designed to fit every business environment, the Mini Appliance can be paired with CyBlock Appliance or deployed on its own, depending on the required Web-use security solution needs.

For more information on CyBlock Mini Appliance or any of our other products, please contact us today!

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Interesting to watch, yes. Useful to you, the customer . . . resounding no.

pillows fighting

When you watch two big companies argue, it tends to become interesting. We think so anyway! Zscaler pushes for cloud versus appliance benefits, while Forcepoint pushes back with Zscaler’s expensive, hidden costs with limited options. We admit they each get some points for effort. Why then do we watch with interest? Because Wavecrest tends to stay out of the fray with not only all the options you need for your distributed and unique workforce, but the pricing that will allow you to see ROI almost immediately.

Forcepoint definitely represents the changes that have happened since the Raytheon acquisition of Websense. Websense customers may very well be feeling some pinch this year since the acquisition’s changes are finally kicking in. Support or customer service people are hard to get a hold of. When renewal time comes around, the pricing, contract terms, or even the product lines have changed, and more. Hesitate before you sign on. You probably don’t need the entire package being pushed or to pay the add-on prices for things like SSL inspection or technical support that should already be included in the first place!

Zscaler, on the other hand, is on a mission to destroy the idea of hardware for your Web security. We disagree. A hardware option can play a critical role in the security of your business. In fact, our CyBlock Appliance is very popular and is consistently updated with new capabilities to protect your business against today’s always changing cyber threats — and the updates come at no additional cost to our customers!

Stop having to choose from limited options, or having to purchase more than you require because of all-in-one packages. Don’t get talked into believing that you are wrong to still want hardware instead of SaaS, or that you have to pay more for services or technical support you deserve. We have a solution and deployment that fits all workforce configurations. Purchase CyBlock Appliance and then add a remote office or roaming users. Great! CyBlock Hybrid will cover you. Purchase CyBlock Software and add another office in Italy? Grande! CyBlock Software is there for you without paying for an additional software license. Looking for a deployment requiring no hardware or software to buy and install, and no ongoing maintenance . . . CyBlock Cloud will be your solution.

Get involved in the process again. Become not just our customer but part of our family, knowing that we think of you first, listen, and react. You are our focus . . . not competing Goliaths or hardware bashers.

Wavecrest has cost-effective, comprehensive, agile, and reliable solutions for your employee Web-use security and analytics needs, ranging from software and hardware deployments to cloud and hybrid deployments–all with U.S.-based technical support included. No matter your business size, industry, or distributed workforce, Wavecrest has a solution for you. Leave the high prices and complicated contractual terms, hidden fees for technical support or product updates, and all the confusion (and arguing) behind. Let Wavecrest focus on your business and your specific requirements. Talk to us today.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services and guest Wi-Fi networks, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. Proud GSA contract holder for over 16 years and counting. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Time for a change . . . for the better.

culturechange2

Changes are finally showing at Forcepoint since the Raytheon acquisition of Websense. We know Websense customers are feeling some pinch this year since the Raytheon policies are now kicking in. Support or customer service people are harder to get a hold of. When renewal time comes around, the pricing, contract terms, and even the product lines have changed, and more.

Hesitate before you sign on again. Why should you pay extra for add-ons that should already be included in a Web-use security solution, like SSL inspection and U.S.-based technical support? Or why should you pay for a cloud solution that does not have the reporting detail that makes it a useful tracking or investigative tool? Research your options. It may well be time for your own change — to a stable, customer-centric Web-use security solution vendor like Wavecrest Computing.

Wavecrest has cost-effective, comprehensive, agile, and reliable solutions for your employee Web-use security and analytics needs, ranging from software and hardware deployments to cloud and hybrid deployments–all with SSL inspection, forensic-level reporting detail, and U.S.-based technical support included. No matter your business size, industry, or distributed workforce, Wavecrest has an easy-to-setup and easy-to-manage solution for you. Leave the high prices and complicated contractual terms, hidden fees for technical support or product updates, and all the confusion behind. Let Wavecrest focus on your business and your specific requirements. Talk to us today.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services and guest Wi-Fi networks, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. Proud GSA contract holder for over 16 years and counting. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Security should make you feel secure . . . right?!

big_fish_little_fish

It is important to note that many companies are acquired every day, and this can be a good thing . . . for them. Or maybe not . . . “According to collated research and a recent Harvard Business Review report, the failure rate for mergers and acquisitions (M&A) sits between 70 percent and 90 percent,”Business Review Europe, 2015. More importantly for you as customers, many companies that are acquired leave old customers behind, picking up the pieces of what is left of good service, good prices, good products, and even good friendships.

Service is a critical part of finding the right vendor, especially in security today. There are just too many risks out there that SMBs don’t have the time to fully educate themselves about–they just want to go about their business. So for these SMBs, it is more important to rely on a vendor who they know and trust. When this type of service ends, it can be a major disruption requiring many businesses to decide to deal with the higher prices, more complex contracts, and foreign-based service people with endless ticket systems and long wait times.

About a year after the vendor is acquired, the new corporation’s policies really kick in, and customers start getting a good idea of changes. Renewal time comes around and instead of your vendor team member calling you to talk about how everything is and if there are any changes to your needs, you get an invoice with extensive terms and conditions that you need to hire a lawyer to understand. Prices increase and you wonder if it is not just to pay for all the terms and conditions being written!

What once was one of your favorite products becomes a burden. Product names change, product lines are cancelled or combined with new product lines, and the confusion builds. Cybersecurity industry acquisitions are becoming hard to follow. One is bought by another, to be bought by another, and then another that has already bought five other companies . . . names mix, divisions are formed, and old relationships are destroyed.

Security for your business should make you feel secure. It should not be something that holds you back or gobbles you up. Don’t be fooled by the promises vendors make just to hold onto you so that they can raise prices at renewal time. You got into business to focus on what you do. It should not be about keeping up with the fine print of enterprise security, the in and outs of the industry acquisitions, confusing contract terms, and high prices. Find that vendor who will become your “stable go-to.” Get a security vendor that makes you and your business feel secure.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Wavecrest Computing announces CyBlock Hybrid’s new reporting features.

 

Wavecrest Computing announces new reporting features are now available in the CyBlock Hybrid deployment. Reporting features, Real-Time Monitor and Dashboard Charts, can easily be accessed for both your CyBlock Cloud and local  CyBlock configurations. This enhancement allows the customer to easily monitor and develop reports on users, both local and remote.

Use Real-Time Monitor to see remote users’ current Web activity, or use Dashboard Charts to check on- or off-premises Web traffic trending by users, groups, categories, or denied and allowed traffic. Run a report for management or an audit that can include cloud, local, or all configurations. The new features proactively increase your administration capabilities while reducing the time you spend on Web management tasks.

The CyBlock Hybrid deployment is used when an on-site CyBlock installation is paired with CyBlock Cloud to provide coverage of remote users with the convenience of local administration for all users. Contact us for more information today!

Constantly improving, developing, and enhancing to make your Web security more efficient, Wavecrest Computing has been the recognized leader in Web Security Solutions for over 19 years. Wavecrest’s scalable filtering and forensic reporting analysis product lines, CyBlock and Cyfin, are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, malware, and many other Web security threats.

Cloud Hybrid Reporting
CyBlock Cloud – Hybrid Report

 

Another exciting new enhancement from Wavecrest…Cyfin Automatic Log File Detection!

Wavecrest Computing is excited to announce a new enhancement to our Cyfin Log File Analyzer Solution, Automatic Log File Detection. This enhancement allows for the easy setup and import of log files by automatically analyzing and matching the closest suitable log file types. You no longer have to worry about making sure you select the correct log file type manually before importing. All you have to do is locate your log file and select. Cyfin Automatic Log File Detection will display a short list of matches with sample data in fields, allowing you to select from the list the best log file type ensuring you are getting the best match available.

Constantly improving, developing and enhancing, to make your Web security more efficient, Wavecrest Computing has been the recognized leader in Web Security Solutions for over 19 years. Wavecrest’s scalable filtering and forensic reporting analysis product lines, CyBlock and Cyfin, are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, Malware, and many other Web security threats.

automatic logfile analysis