Which do you think is a bigger risk to company networks - spam or surfing? If you guessed the latter, the results of a recent study would say that you are correct. Check out the news story: "Surfing a bigger risk than spam to company networks."
According to the story, "Nearly 40 percent of the 200 Danish companies surveyed said their systems had been infected by a virus or worm, despite the fact that 75 percent had implemented a security policy, IDC Denmark said in its report, released Wednesday. But the malicious software in question is no longer primarily making its way through e-mail, as in the past."
IDC Denmark's managing director, Per Andersen, offers the following survery results: "30 percent of companies with 500 or more staff have been infected as a result of Internet surfing, while only 20 to 25 percent of the same companies experienced viruses and worms from e-mails."
So, how dows IDC suggest that companies combat infection via surfing? "IDC believes that banning personal Internet use isn't realistic, particularly as a long-term solution. Instead, the research firm recommends closer monitoring of employees' Internet use and using tools that give management an overview of time spent and behavior patterns online."
I don't think that banning Internet use OR monitoring Internet use are very positive solutions, but it's clear that organizations must do something to protect company networks from these security threats. My suggestion would be to educate employees about the dangers of surfing. Have a training session that requires them to be present, rather than just sending an e-mail and hoping they read it. Write a policy that states what's acceptable and unacceptable use of the Internet while on company computers - and then enforce that policy.
What solution(s) does your company have in place to prevent security threats via Internet surfing?