iPrevision Presentation – February 19th, 2008

Network Security from the Inside Out

Transcript of iPrevision Presentation – February 19th, 2008

Page 1: iPrevision Presentation – February 19th, 2008

Network Security from the Inside Out

Page 2: iPrevision Presentation – February 19th, 2008

1. Employee Internet Monitoring (EIM)

2. Facts and Figures

3. Emerging Threats

4. EIM Technologies and an EIM Strategy

Page 3: iPrevision Presentation – February 19th, 2008

A few questions to get started…

Page 4: iPrevision Presentation – February 19th, 2008

How much time, on average, do you think is wasted using the internet at work for personal reasons?

Roles represented here today?

How many here have used the internet at work for personal use? (Travel, personal e-mail, IM, MySpace, etc.)

How many of you are currently using an Employee Internet Monitoring solution?

Page 5: iPrevision Presentation – February 19th, 2008

Why do you need to think about Network and Internet security now?

- The Internet has become a standard tool of business; as standard now as a PC and a phone.

- New Web Based tools are being introduced every day

• Instant Messaging

• Web Mail

• Web Research

- Company is liable for all activity on their Network

• Sexual Harassment lawsuits

• Illegal File Sharing lawsuits

• Sarbanes-Oxley

Page 6: iPrevision Presentation – February 19th, 2008

Cyberslacker (sy-ber-slak-er) – 1. An employee who uses company Internet resources for non-work purposes. 2. To be continually distracted by the Internet.

Some activities of a Cyberslacker may include booking personal vacations, buying or selling personal items on-line, Instant Messaging with friends, downloading music for an MP3 player, web surfing on company time and using company resources.

Page 7: iPrevision Presentation – February 19th, 2008

Employee Internet Monitoring (EIM)

Activities such as sending non-work related chat messages, online pornography, online gambling, and the illegal downloading of music and movies are all evidence that employers should have a valid concern.

Historically, the monitoring of these activities was performed by IT on an ad-hoc basis when a new concern would arise.

For smaller organizations without an IT staff, it was dealt with by trying to implement a usage policy with no technical enforcement capability.

Today, EIM shouldn’t be the cause of additional IT work. It can and should be addressed by business units such as Human Resources or other line managers who need quick, reliable reporting on employees’ use of the Internet.

Page 8: iPrevision Presentation – February 19th, 2008

In discussing Employee Internet Monitoring (EIM) solutions, an area that often gets confused is the difference between monitoring and blocking. Many firewall solutions allow for the complete blocking of sites, but this is not the same as Internet monitoring, and the approach can be far too restrictive and difficult to manage in a dynamic business environment.

Page 9: iPrevision Presentation – February 19th, 2008

In April 2005, the Gallup Organization reported that the average employee uses office computers and Internet access for non-work-related activity 75 minutes a day. It went on to say that, at an average of $20 per hour in total compensation, this equates to $6,250 per year.

At about the same time, the Department of Labor came to a similar conclusion and estimated that the cost of non-work-related Internet activity was $6,500 per year.

Page 10: iPrevision Presentation – February 19th, 2008

In July 2005, America Online and Salary.com surveyed 10,044 people. The objective of the study was to determine the difference between how much time was actually wasted at work and how much management and human resources assumed was being wasted.

Key Findings

The results showed that employees are wasting about twice as much time as the employers expect.

Non-work related Internet use was the #1 distraction at work by an overwhelming margin.

Page 11: iPrevision Presentation – February 19th, 2008

The Top 5 Industries Spending more time than Employers Expected

1. Insurance 1.10 hours

2. Public Sector 1.05 hours

3. Research & Development 1.01 hours

4. Education 0.96 hours

5. Software & Internet 0.96 hours

Page 12: iPrevision Presentation – February 19th, 2008

Costly Business

This study estimates the average salary in America to be $39,795 annually or $19.13 per hour.

In the Insurance Industry that equates to:

$21 per day

$105 per week

$5,471 Per Year Per Employee

Page 13: iPrevision Presentation – February 19th, 2008

Emerging Threats

“Three out of every four home and work Internet users … access the Internet using a non-browser-based Internet application. Media players, instant messengers and file sharing applications are the most popular Internet applications.”

(Nielsen/NetRatings, 2003)

Instant Messenger (IM)

Peer-to-Peer (P2P)

Webmail

Page 14: iPrevision Presentation – February 19th, 2008

50% of those in the study received and circulated inappropriate material via the corporate system.

Instant Messenger (IM)

Extremely popular – Less expensive than the phone and quicker than email.

40% of the top viruses are capable of propagation through IM applications.

Most organizations don’t have a clear communication policy or monitoring capability that addresses IM utilization.

IM is used to transfer files in an untraceable way. (Could be little Jimmy’s soccer picture or a Client List or P&L)

Page 15: iPrevision Presentation – February 19th, 2008

Over 10% said that they used the corporate system and internet connection to download pirated music, movies, games, and software.

Peer-to-Peer (P2P)

A July 2003 study showed that 77% of the companies polled had detected at least one P2P file-sharing application on their network.

P2P applications like Kazaa make it possible for users to access files from other computers or networks over the internet and are used to share music, movies, and software. P2P is also very popular for Online Gambling.

An Arizona company paid $1 million to settle a lawsuit with the recording industry that charged copyright violations involving MP3s stored on the company’s computer system.

Page 16: iPrevision Presentation – February 19th, 2008

45% of the employees reported using Webmail regularly from open company systems.

The most popular are Yahoo!, AOL, Hotmail and Gmail.

All of the threats that are addressed in the corporate email system become very real with the use of Webmail.

Webmail is consistently the vehicle used in sharing company information outside of the company.

Webmail presents the same file transfer and confidentiality concerns as IM and P2P.

Page 17: iPrevision Presentation – February 19th, 2008

EIM Technologies

Desktop Software

Server Software

Network Appliance

Page 18: iPrevision Presentation – February 19th, 2008

Your EIM Strategy should include the following:

The ability to monitor and manage the market leaders in Instant Messaging (IM), peer-to-peer networking (P2P), and Web-mail as well as the day-to-day browsing habits of network users.

Managing your employees’ Internet usage must provide measurable results from increased employee productivity and reduced exposure to litigation, while providing a service that is scalable and manageable and delivering the return-on-investment (ROI) demanded in today’s business climate.

Finally, the sensitive nature of Employee Internet Management requires that the selected solution provide management with the tool it needs to view Internet activity from a corporate, managerial or individual level, in real time, and in a secure environment.

Page 19: iPrevision Presentation – February 19th, 2008

Myth vs. Fact

Myth: Management was confident they knew who their top offenders were, they just needed to prove it.

Fact: Those suspected of Internet abuse weren’t even in the top 10.

Myth: Employee was too busy to cover for colleague while she was on maternity leave.

Fact: Employee was spending over 300 minutes per week on personal internet and Web-mail use.

Page 20: iPrevision Presentation – February 19th, 2008

Myth vs. Fact

Myth: We have a pretty good handle on employee Internet use because all of our monitors in the office face outside, so we can see them when we walk around.

Fact: Average amount of personal internet use among top 10 offenders was over 2 HOURS PER DAY.

Myth: Peer-to-Peer is not an issue in our agency.

Fact: The morning after installation, with Peer-to-Peer notifications turned on, management received over 50 alerts within the first 2 hours.

Myth: Your carrier websites are the most visited sites by your employees.

Fact: We have seen the FIRST carrier website listed as low as #17 on the most visited sites report.

Page 21: iPrevision Presentation – February 19th, 2008

Common Objections

Our employees don’t use IM, or at least they’re not supposed to.

We can already block certain sites with our Firewall.

What about employee privacy? Is this legal?

We can’t afford it.

Page 22: iPrevision Presentation – February 19th, 2008

What do you think is the biggest objection with implementing an Employee Internet Monitoring solution?

Page 23: iPrevision Presentation – February 19th, 2008

“I don’t want to know.”

Don’t bury your head in the sand!