Employees Shopping Online With Office PCs Increase Security Risks

According to researchers on cyber security at the Information Systems Audit and Control Association (ISACA), an international non-profit team of IT specialists, company employees doing online shopping could increase security risks for their organizations, as this practice could invite spam, viruses and phishing attacks, reported THEPOST.IE published on November 1, 2009.

As per the reports, the risks could mean potentially huge dollar losses per employee to businesses in terms of lost productivity on account of system downtime, along with even more dollar loss due to compromise or loss of critical corporate data, the researchers told.

The researchers also said that as opposed to common perception, one isn't required to go to questionable websites to cause malware infection on his computer.

Besides, at lot of instances, the user in new types of computer attacks doesn't have to follow any link could become a victim quite unknowingly. For, a virus might get installed on his system without his knowledge, while he uses his work computer, the researchers contended.

Security specialists from anti-virus software vendor Kaspersky Lab too stated that referred to as 'drive-by download' assaults have become increasingly frequent during 2008. Indeed, cyber-criminals largely prefer drive-by malware outbreaks simply because they infect systems more stealthily and help in additional assaults.

Meanwhile, the attack involves two steps for its launch. First, when the user visits an online site, into which the attacker has already injected a malicious code, it redirects the user onto a malevolent intermediate third-party server that harbors exploits. Second, in case an exploit proves effective, the attacker quietly installs a Trojan allowing him to completely take over the infected computer and subsequently steal its database of confidential information or use it as a platform for DoS attacks.

Hence, ISACA added that to remain safe, users must keep their anti-malware and anti-virus software up-to-date. They also need to be careful about 'too good to be true' offers, as bogus coupons and offers through Internet might take them onto malicious sites. Finally, users of social-networking sites must treat such websites as cautiously as they would with other sites, the Association concluded.

Related article: Employees Pose Internal Risk in European Businesses

» SPAMfighter News - 11/12/2009