Pearl Software Blog

Internet Monitoring and Web Filtering Topics

The Internet and Employee Liability - Part 2 of 3

Three Part Blog

Part 2: The Internet and Employee Liability

In the previous article, we looked at productivity concerns related to employee use of the Internet. In this article we turn our attention to liabilities managers must consider when employees use company resources to access the Internet. So what new liabilities have you brought upon yourself since your company decided to connect to the ‘Net?

The term “hostile workplace” conjures up images of screaming supervisors publicly berating employees. Now, Sally walks past Fred’s cubicle and Fred has a provocative YouTube clip running on his screen. Then Fred, who has always had a weird sense of humor, email broadcasts an off-color joke that he thinks is a riot. Most of the recipients in the office think Fred’s joke is marginally funny, if that, but Sally, who is miserable to begin with, is now sent over the edge and decides to retire by slapping a hostile workplace lawsuit on you. Sound like an exaggeration? The Internet has broadened the definition of sexual harassment. Edward Jones, one of the world’s biggest brokerage firms, issued a memo demanding its workers disclose if they sent pornography or off-color jokes over the brokerage’s e-mail system. Forty-one employees who confessed were disciplined, but 19 who failed to come forward were fired. More...

The Internet and Employee Productivity - Part 1 of 3

Three Part Blog

Part I: The Internet and Employee Productivity

Competitive enterprises exist to prosper and therefore must operate with efficiency. Corporate stakeholders are tasked to keep labor and material costs low, justify investment in capital and variable expenses and protect the enterprise from contingent and potentially crippling liabilities derived, for the most part, out of negligence (lawsuits, product recalls, negative publicity, physical and IT infrastructure damage and disrepair). We continue to hear that productivity gains are paramount to controlling inflation and keeping manufactured goods competitive in world markets. In order to control costs and maintain your company’s competitive advantage, it is incumbent upon Management to identify and rid the corporation of malingerers and identify those that are less productive. Functional units need to keep their house in order to reduce the probability of extraneous costs. Operational efficiency takes on new meaning in times of economic contraction. Add the constant spate of corporate governance and consumer privacy legislation and you have a recipe that only disturbs the delicate balance managers must deal with as they attempt to meet requirements without destroying employee morale. In considering employee Internet access, clear thought needs to be given to productivity, liability and security. More...

Healthcare.gov – Typical Growing Pains or a Security Nightmare in the Making?

At the outset, the #Obamacare website was not only riddled with errors, but it also came with a huge price tag: $600 million.  Most of us in IT cringe due to the fact that we have had our own hopefully-less-public IT disasters.  Projects evolve.  New software, hardware, devices and network designs are introduced to users that have typically been tested, revised, regression tested until ready for release.  The more complex, the further new releases will be from perfection.

When #Healthcare.gov went live the cacophony from the public combined with the bright lights of the media would make any IT development team want to curl up in the fetal position – and with good reason.  With $600 million, one can only scratch their head and ask why the development wasn’t outsourced to a US company with a track record of competence.  Why not IBM, HP or NYXT, the chief architects behind the single fault tolerant systems designed for the NYSE?  Why not hire the beleaguered NASA; they’re pretty incredible at getting the impossible done.  Why not tap the expertise of Google and Facebook; they live and breathe immense-scale data handling and user access. The Obama administration didn’t just throw up a faulty website, they emboldened so many that believe the government is incapable of doing big things.  And in doing so, they allowed their detractors to easily conflate a faulty website with a public healthcare policy. More...

Tips to Avoid Phishing Scams

The year-end saw an unprecedented number of emails from retailers and businesses looking for you to visit them and make a purchase.  Unfortunately, this time of year also brings a large increase in spam and hack attempts that arrive in your inbox alongside the overflow of retailer emails. These emails are also known as “Phishing” emails.

Whether you're on a corporate network or personal network you will be putting yourself at risk by opening these fraudulent emails. Phishing emails are getting harder and harder to differentiate from legitimate emails and when opened on a network can cause major havoc and security issues for your business data. So how do you know whether an email is legitimate or a “Phishing” email?

The tips below will help you identify and avoid falling prey to a phishing email: More...

Presidential Candidates Don’t Have the Key to Encryption

It’s scary to hear the 2016 presidential candidates talk about encryption and Internet security when attempting to thwart use of the Internet as a terrorist recruiting tool. As if it’s not bad enough when Donald Trump says, “in certain areas, closing that Internet up in some way.” There exists a common misconception (particularly in Trump’s target demographic) that the US controls the global Internet. Infrastructure in foreign countries provides Internet services to people living abroad. We don’t have a pretty switch with gold brocade, Mr. Trump.

So how do we intercede and monitor communications that have been protected by encryption? Here’s what our misinformed presidential contenders are saying: More...

BYOD Policies for the Enterprise - Mobile Device Management (MDM)

Although BYOD (Bring Your Own Device) is a landscape that is constantly in flux, developing a policy for BYOD security is a critical first step in stabilizing this environment.  Businesses and institutions need to understand that there are many things that they can do to create a strong security policy. This can be accomplished by realizing that there are a number of fundamental policy concepts that can provide a framework that will accommodate the changing landscape.

Since employees desire to use all manner of mobile devices in the workplace, security is the primary concern. Consequently, the policy must work hand in hand with the security measures that are enacted by the IT department. Although the goal is to clearly define those devices that can be used and how they can be used in the workplace, IT departments must work in partnership with other major departments and C-suite level players to make these determinations.

Not only should the BYOD policy clearly define accepted devices as well as the resulting security policy for each, they must also describe the security software requirements as one of the security that would be in place. Its best to choose a software solution that can allow remote monitoring, blocking and filtering of the activities on a wide variety of devices as well as respond to Apps, private clouds, Wi-Fi networks and remote desktop services. More...

Business Cyber Attack - A $50,000 Bitter Pill (If You're Lucky)

Commonly known as cyber-attacks, data breaches, or cybercrimes, data theft (whether it is internally or externally driven) can bankrupt the average business. During the fallout of a data breach, businesses can lose proprietary data that form the core of their capital-generating strategies. The aftermath of this can result in massive lawsuits. As these incidents increase, businesses are asking how much a cyber incident could cost them.

The U.S. government collects information on cybercrime and cyber espionage through various means. Yet, it is still difficult to accurately assess the cost of cybercrime for the average business because of varying business landscapes and the diversity of cybercrime attack methods. In addition, businesses are often reluctant to report these incidents due to the potentially devastating fallout or further exposing vulnerabilities that subsequent cybercrime provocateurs could exploit.

Many reputable cybercrime surveys peg the average business’s annual losses at anywhere from $1 million to more than $3 million. This falls in line with PriceWaterhouseCoopers (PwC) 2014 Global Economic Crime Survey, which found that 7 percent of U.S. organizations lost $1 million or more due to cybercrime incidents in 2013. The survey went on to show that 19 percent of U.S. entities reported financial losses of $50,000 to $1 million, compared with 8 percent of worldwide respondents. More...


Bad Things That Happen Without Web Monitoring Software

Today, most businesses rely on having fairly unrestricted access to the Internet as a tool in bottom-line productivity. Without balancing that unrestricted access with the use of web monitoring software for employee computer and network users, the bottom line benefits to open access quickly erode. Here are some of the things that can happen without web monitoring and filtering software that lead to costs that outweigh the benefits of open access.

Web monitoring software for your business is actually about safeguarding your network, assets, investment and reputation. One of the chief ways that businesses can get burned without web monitoring software is by having a compromised network where data loss will likely occur.

When employees access compromised sites or download infected files, they can compromise the network and put proprietary data at risk. Even one computer that is infected with malware, toolbars, adware, and other “add-ons” can spread throughout the network and cause system instability. Once inside a network, worms can spread fast, and that one user’s misstep on the web impacts everyone and the daily operations of the business. The cost in time and money to get things back on track is always more than any business wants to expend. More...

Web Filtering: Choke-Point vs. Endpoint

There are generally two main enterprise architectures used to monitor and/or filter access to content available on the Internet: Choke-Point (web proxy, router, firewall, etc.) and Endpoint (client-server). Each has its advantages and disadvantages that we will explore.

Choke-Point Architecture

The Choke-Point architecture provides a central point of access to the Internet for all users.  The Choke-Point is normally a server, firewall or router with embedded filtering software or one or more “Internet appliances” – stand-alone devices for targeted applications.  Websense is an example of a caching Web proxy server that provides a nearby store of Web pages and files originating on remote Web servers, allowing local network clients to access them more efficiently.  When it receives a request for a Web page, a caching proxy looks for the content in its local cache. If the content does not exist in the proxy’s cache, the proxy server retrieves it from the appropriate Internet server in order to satisfy the request and saves a copy in its local cache for future requests. Sonicwall and Watchguard are examples of firewalls with embedded filtering software; usually third party URL filtering databases.  Since requests to access Internet sites are sent from each workstation in the managed environment, a decision about whether the site may be accessed can be made centrally at the Choke-Point. If a user requests a site that is determined to be off limits, the server or device returns a response to the user indicating that access is denied. More...


The Cost of Malware and Spyware

As businesses of all sizes increasingly use cloud storage and services and incorporate the Bring Your Own Device (BYOD) approach to employee management, malware and spyware are growing threats that can financially cripple or destroy a business. While it is important to understand the true costs of these attacks on a business, it is best to start with an explanation of the difference between malware and spyware and approaches to removing them.

What are Malware & Spyware?

Malware, which is short for “malicious software”, is designed to infiltrate and damage a computer without your consent. Malware includes computer viruses, worms, Trojan horses, scareware and more. It can be present on websites and emails or hidden in downloadable files, photos, videos, freeware or shareware.

Spyware focuses on surreptitiously collecting information about your usage through approaches like key logging to record your keystrokes. Spyware usually doesn’t self-replicate like other forms of malware. However, like other forms of malware, spyware can cause just as much harm to a computer, a network and a business. This can have dire financial implications for a business if the spyware is able to access the business’s or its customers’ financial data.

Prevention & Removal More...