If there is one thing we can be sure of is that when it comes to our IT infrastructure security, it is that we need to cover a lot of ground. Threats to our business can come from a
wide variety of sources: emails, portable storage devices, insider attacks, remote attacks, physical attacks, as well as web usage. Every single vector requires its own considerations and should not be neglected. After all, your security is only as strong as your weakest link.
So how do we go about ensuring our business web security?
One of the major risks of providing web access is that it can lead to the introduction of malware on your network. To counter such risks we need to employ antivirus capabilities that can detect and stop malware from spreading.
There are a few things you should look out for to ensure your investment provides maximum protection. There are various technologies that antivirus solutions use to detect malware. For example, there is manual virus analysis by engineers who then release specific rules for their antivirus solution through updates. In addition, there is heuristic analysis in which the antivirus solution detects the malware based on the malware’s behaviour. However, different antivirus solutions can have varying degrees of success, so using multiple antivirus engines can give you an edge in keeping your network secure against malware.
After malware, the biggest risk posed by having web access is probably phishing attacks. Specifically crafted web sites, made to look like legitimate business services your organization makes use of, can trick your employees into disclosing confidential information, such as financial credentials. Various solutions designed to ensure your business’ web security provide a number of options to protect your users from phishing attacks. These can include finger print information, as well as databases of various known phishing URLs.
The most common way employees get their computers infected with malware is through social engineering which encourages them to download malware and run it. Some malicious websites, however, do not need to rely on this step at all. Using exploits or misdirection, they can either get the web browser to download the malware and infect the victim’s machine without the user being aware, or they can even manipulate the user into downloading particular malicious software they might believe to be safe as it appears to come from a specific reputable source. In fact, such malware would actually come from a source the attacker chooses.
Ensure your network has controls that can help your users avoid such scenarios. Good web security software should include a number of features that prevent such occurrences. The ability to analyse and detect malicious code, databases that contain finger printed data of such malicious attacks, as well as a list of URLs of known malicious sites are all useful in keeping your network secure. Other, more advanced, products can also utilize technologies such as web categorization, which allows an administrator to configure access to web sites based on your company needs and thus keep risks to a minimum.
We all know business web security is a priority if we want to ensure proper business continuity. The three tips discussed above go a long way to protect your business from downtime due to a web security compromise.
Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on what your web security solution should include.
Disclaimer: All product and company names herein may be trademarks of their respective owners.