Office web access restrictions are usually thought of as a way of stopping employees share-trading, looking at porn or sports results during work or downloading the latest huge movie trailer on to the office server. But with the rise of web-mail services, web control becomes the other half of the email barrier, says Bob Ferguson, director of security specialist Baltimore Technologies.
One US company caught an employee trying to mail the entire customer file through his hotmail account, Ferguson says. Then there are web pages with malicious code embedded. And there are an increasing number of B2B web-oriented links that can be abused. “Web access leaves a huge door open.”
Employers in sensitive areas such as government and the financial and health sectors have always been very aware of security on information communication, says Ferguson. Now industries like manufacturing are becoming more aware of the need to protect themselves against breaches of confidentiality legal threats ranging from copyright infringement to sexual harassment.
Although not directly related, the terrorist acts of September 11 have made companies more aware of security in general, he says.
The latest release of Baltimore’s Websweeper content security product includes user selectable URL page blocking and HTTP traffic monitoring, both in and out. The user company can set lexical scans to detect any attempts to send out a confidential document, or a document without the appropriate disclaimers through the web.
Such safeguards can be set to a fine degree of discrimination according to a company policy which can take into account, for example, the status of the individual and the time of day. Many companies allow their employees some degree of recreational surfing and may, for example, allow access to news on sports events during the lunch hour.
The latest version of Websweeper is the first to support Windows 2000 fully. An XP version is delayed by the effort involved in implementation of Active Directory, Ferguson says.