Security comprises a number of different fields, including the often neglected concept of web security. Web security is often not seen as a first line of defence and simply having an antivirus and a firewall installed are enough to provide adequate security protection; however, that’s not the case.
Here are five reasons why you need to optimize your security by focusing on web security and not basic measures such as antivirus or a firewall.
- Information Disclosure – Web security is not just about ensuring nothing malicious gets in, it’s also about ensuring nothing important gets out. A web security system needs to be able to detect if users are trying to access malicious sites such as phishing sites and other online scams so as to prevent information leaks.
- Availability – Security is understood to mean three things: Confidentiality, Integrity and Availability. If users are spending excessive time browsing high bandwidth sites such as video streaming sites they could saturate bandwidth to a point where mission critical systems, such as email, would not have the necessary bandwidth to operate thus causing delays or dropped connections.
- Legal Liability – Virus infected software is not the only concern for an organization. One also needs to ensure that no unauthorized software has been downloaded. Web security means making sure that users are not visiting sites that might place the organization in legal jeopardy.
- Exploitation – Not all malicious website attacks occur using viruses or Trojans. Exploits can target vulnerable web browsers which allow the attacker to take over and run commands on the victim’s computer, which will however, not seem malicious to an antivirus.
- Abusive Behaviour – While reasonable personal use of the Internet by an employee is perfectly fine, abuse is not. Monitoring Internet usage is very important and beneficial to an organization as it can save on bandwidth costs, improve productivity and provide a morale boost for those employees who browse within the organization’s limits. Excessive Internet use can also be seen as a warning sign, because if someone is breaking that policy then they could very well be breaking others.
Excessive browsing can also put the company at risk to the above-mentioned threats. If an employee spends a lot of time on social networking or instant messaging sites there could be the risk of information disclosure. Moreover, if a lot of time is spent streaming videos or music there could be a risk to availability and legal liability.
While installing a firewall and an antivirus solution provide a good start to a security policy, as they cover certain areas of the security paradigm, it’s definitely not all there is to web security. Apart from the above-mentioned topics, there are plenty of other reasons justifying why you need to go beyond the basics and further optimize your web security.