To have locks on every door, you need security at all levels – called defence in depth:
• on each desktop – anti-virus software
• on your network – server software or a security appliance
• outside your business network’s boundary, for both email and web traffic – either via your ISP or a managed service
Security at just one of these levels is like leaving a door wide open. It’s critical to close off all routes to suspect traffic such as viruses, Trojans and spyware. The internet and email gateway is where most problems hit – and nearly all of these come from outside your business. Moreover, the new blended threats combine attack techniques across multiple protocols, for example a spam email that directs the recipient to a criminal website, and are specifically designed to bypass security software solutions.
Online identity theft, a growing trend, has increased by 27 per cent in the last 12 months. One recent example is the Haxdoor Trojan which infected over 10,000 Australian computers, logging keystrokes and capturing usernames and passwords to harvest financial data – including online tax returns.
The Haxdoor Trojan was not detected by traditional anti-virus software so the only way most computer users knew their machines were infected was when money disappeared from their bank accounts.
ISPs and domain name registrars are now facing increasing pressure to take action against compromised computers on their networks that are engaged in illegal activities. However businesses should not rely on ISPs for protection.
One alternative is a managed service that identifies threats at the internet level and removes unwanted content and attacks before they enter your network. With no hardware or software required on the business premises, there is no complexity added to the existing infrastructure and no maintenance. Costs are fixed, with a single point of support around the clock and seamless, real-time protection – at the lowest total cost of ownership.
Recommendation: Make sure all routes into your business are secured – but especially the internet gateway where most threats enter.
Tip 2: Educate your users about the risks
Any time your employees access the web and email, your business assets, future and reputation are at risk. Accidental misuse – or intentional abuse – of email and the internet can create potentially costly and time-consuming legal, regulatory, security and productivity headaches for employers of all sizes in all industries.
End user ignorance about the new climate of threats, and about how to negotiate the information superhighway safely, is a vulnerability criminals are very successfully exploiting. Sixty per cent of businesses say a central challenge in IT security is not technology, but the education of users.[1]
More and more threats are socially engineered, targeting the actual user rather than the system itself. So as well as security software or appliances, every business needs to train staff in acceptable email and web use. Your Acceptable Usage Policy should include guidance on things such as:
• not misusing email – keeping it mainly for business use.
• what sort of personal use is allowed.
• being wary of unsolicited email.
• guarding against handing over confidential information.
• not downloading and installing unnecessary applications.
Employers in Australia have the legal right to dismiss email and web violators – but must clearly demonstrate that a fair process has been followed. This includes a clearly written and communicated Acceptable Usage Policy that complies with laws governing work relations and privacy, and that addresses emerging technologies like instant messaging. Support your policy with training and monitoring so that enforcement and compliance are not left to chance.
Recommendation: Have an Acceptable Usage Policy that employees are aware of, have signed, and see the need for as a result of mandatory regular training. Prevention is better than cure!
Tip 3: Control web access
With an estimated one in every 33 websites being suspect, controlling web access is fundamental in terms of maintaining the uptime of your business, as well as ensuring productivity, fulfilling your duty of care for employees and legal compliance.
Research between 2002 and 2004 by IDC found that:
• companies lose up to $3,000 per year per employee due to non-business related internet activity
• 30-40 per cent of web access had nothing to do with the employee’s job, resulting in lost productivity and increased legal risks for employers.
Sites for online gambling, social networking, music downloading and peer to peer file sharing not only waste company time and valuable bandwidth, but are known to harbour threats.
As well as managing internet use through your business internet usage policy, web surfing rules can be enforced by blocking at the server level (via a firewall), or through a managed service.
A managed service has the advantage of ensuring the categorisation is always up to date and allows you total control over all internet usage. It also frees up time and resources for professionals managing IT.
While Australia’s privacy legislation allows employers to monitor and survey web and email transmissions, employers are obligated to notify employees in advance that their computer use is being monitored or surveyed. In Acceptable Usage Policies, it is recommended that you articulate why you are monitoring, what types of violations you are looking for, and the consequences of breaches.
Recommendation: Make sure all staff know and stick to safe surfing rules, and monitor web access to ensure it’s not a drain on productivity or bringing in security threats. Block suspect sites through software or a managed service.
Tip 4: Stay ahead of threats
Because information security threats are continually evolving, all businesses need to stay alert to the security landscape – and keep abreast of the latest threats.
As someone responsible for IT security, it is imperative to subscribe to credible threat intelligence and alerts, such as those disseminated by computer emergency response teams (www.cert.org, www.auscert.org.au) and MessageLabs (www.messagelabs.com/Threat_Watch). Services such as these will ensure you are always kept up to date with emerging threats and are aware of the technologies to address them, taking into account your business needs.
When it comes to deploying a solution, all good security products or services will have comprehensive reporting features which provide a snapshot of security activity at regular intervals. Enabling such features is highly recommended. To combat emerging threats you need to have security technology that proactively identifies new threats and automatically updates on a regular basis.
The use of a managed service provides a particular advantage for small to medium businesses when it comes to proactive protection. Here you have the promise of a guaranteed security outcome for web and email supported by Service Level Agreements and infrastructure that eliminates all known and unknown threats at the internet level - without the need for internal IT resources.
Recommendation: Ensure your security technology proactively protects your organisation against the changing threat landscape.
Tip 5: Know your legal obligations
The starting point is that employers will generally be held responsible for the wrongful acts committed by employees in the course of their employment – even if it is something not directly related to their job.
Aside from the obvious fact that an employee who spends too much time on personal email or web surfing isn’t working hard enough, there are other risks. For example, many employees persist in accessing inappropriate material through work computers or circulating sexist jokes. This leaves management open to the charge of failing to provide a safe working environment or protect other employees from harassment or discrimination. Damages awards in discrimination claims are potentially unlimited.
Your Acceptable Usage Policy is the vehicle to make sure all workers are aware of both the employer’s and employee’s rights and responsibilities, the risks they need to avoid and what level of monitoring you have in place. Automated monitoring is recommended wherever possible, as this limits the amount of administration time and is less intrusive to the employee.
In addition, in Australia the retention of business information is regulated by a complex framework of legislation, so it is imperative to ensure that your records - which include emails - are properly managed. All businesses are recommended to seek legal advice to ensure compliance within their industry sector.
Recommendation: Put systems in place that automatically enforce your Acceptable Usage Policy and protect your organisation and your employees. Seek legal advice to ensure legal compliance.