Small Business Attack – Web Browsing
As much as we dislike it, a part of most people’s jobs these days involves waiting. Though they keep making computers faster and faster, there is still a bit of downtime involved. While in the past, this time might have been spent talking with coworkers, these days it is more likely to be spent online.
There are many ways to spend your time online, from shopping to reading news to social media. While there is nothing inherently wrong with being online, there are some concerns. From a business perspective, managers may be concerned about productivity. From a legal perspective, H.R. may be concerned about “inappropriate” sites. And, of course, from a security perspective, we would concerned that sites could be the source of a compromise of user data.
At issue is the fact that, while most malware runs directly on the computer, web malware can run inside the browser. If it doesn’t run locally, and is sourced from a web site, it cannot be blocked with traditional anti-malware (though newer malware is aware of this attack vector). If all the malware accesses is data, there isn’t a good way to identify valid data access from unintentional leaks.
So, how to you protect against this particular threat vector without completely banning employees from accessing the Internet? How do you manage to classify which websites are OK and which ones are not?