Managing Risks Associated with Employee Computer Usage

1
Managing Risks Associated with Employee Computer
Usage
Kurt Shaver
2
Traditional Areas Still Growing
3
(No Transcript)
4
Agenda

• Introduction
• Defining the Risks
• Managing the Risks
• Whats in YOUR Network?

5
Websense Credentials

• 10 years in business
• 20,000 customers
• 16.5 million end-users
• Government, Education, Corporate
• Patented Technology
• Awards
• PC Magazine Editors Choice
• Forbes Top 25 Tech Companies
• 8 on Business 2.0 100 Fastest Tech Companies

6
Defining The Risks
7
The tip of the iceberg
PORNOGRAPHY
Instant Messaging (IM)
Hacking Tools
Spyware
Web Storage Sites
Mobile Malicious Code
Peer-to-Peer File Sharing (P2P)
Streaming Media
8
Employee Computing Risks
MARKET TRENDS SOLUTIONS

•  

1. Security Risks
2. Legal Risks
4. Productivity Risks
3. Network Bandwidth and Storage Risks
9
Web Sites Infected with Malicious Code

• Malicious Java, JavaScript, ActiveX Code
• Nimda, Code Red, and others still prevalent
• 48 of infected sites are mainstream websites

10
Personal Storage/Backup Sites

• Grew 360 in the last 12 months
• Employees can covertly store company confidential
  information on the web
• Serious security risks and legal implications
• HIPAA
• GLB, Sarbanes-Oxley
• CA SB 1386

11
Although touted for speed and convenience,
Instant Messaging also contributes to lost
employee productivity, bandwidth consumption and
legal risks for the company when used improperly.
12
Instant Messaging

• No longer just chatting
• Files are sent and retrieved
• No audit records

13
"I've been advising my clients to also ban
music-sharing software in the workplace," said
security consultant Richard Smith. "Companies
are just sitting ducks for RIAA lawsuits."
14
Peer-to-Peer (P2P) file-swapping threatens

• Security
• Legal Liability
• Bandwidth
• Storage
• Productivity

15
These programs run in the background, popping up
advertisements and quietly uploading information
about a Web surfer's habits, keystrokes,
passwords, and other confidential information
16
Anticipated Video Game Stolen by Hackers the
source code theft would result in a four month
delay, pushing Half-Life 2 back to April 2004.
17
Managing the Risks
18
www.playboy.com
19
REASON The Websense category Adult Content is
filtered URL www.playboy.com
Click here to view the companys Acceptable Use
Policies for Corporate Computing Resources
20
3 Layer Approach To Manage Risks
21
4 Levels of Desktop Control

• Inventory management identify
• Do we have Spyware or Hacking tools?
• How many copies of Microsoft WORD do we have?
• How many of them are actually used?

22
(No Transcript)
23
4 Levels of Desktop Control

• Inventory management - identify
• Control application by category
• No Spyware allowed ever
• No Games between 8 AM 5 PM
• Only Help Desk can use Remote Control
  applications

24
End-users get a block message
LC4.exe
25
4 Levels of Desktop Control

• Inventory management - identify
• Control application by category
• Lockdown mode approved apps only
• Best for dedicated use computers
• Shop floor
• Nurses stations
• Bank kiosks

26
4 Levels of Desktop Control

• Inventory management
• User-based policy management of software
  application by category
• Lockdown mode approved apps only
• Outbreak mode - instantly stop unwanted apps
  like MyDoom, Blaster

27
Reporting
28
Websense Reporter Sample Report
29
Websense Explorer Main Page
30
Summary

• Computing Risks occur at the
• Internet Gateway
• Network
• Desktop
• Management by CATEGORY gives maximum control with
  minimum effort
• Sophisticated reporting tools help identify and
  manage risks

31
Whats in YOUR Network?

• Do-It-Yourself
• FREE 30 day trial at www.websense.com
• Professional Service
• Employee Computing Risk Assessment
• Security
• Legal Liability
• Bandwidth Waste
• Productivity