A Blacklist Policy, coupled with the appropriate network software, blocks employees from visiting of various categories of websites that present a number of different risks to an organization.
On Oct 17, 2018, the Office Of Inspector General released a report that outlines how the U.S. Geological Survey (USGS) network was infected with malware because a civil servant had an "extensive history" of watching porn while at work. The employee's Android cell phone was also infected with malware and was connected to the employees work computer via the USB interface. It was discovered that the employee visited approximately 9,000 web pages, many of which were routed through to sites containing malware in Russia.
In this instance, the malware was discovered after suspicious internet traffic was detected during an IT security audit. It is unclear how long the malware would have gone undetected had the IT security audit not been conducted. In this instance, a ransomware attack was not initiated.
The investigation identified two serious vulnerabilities in the USGS's IT security posture:
- website access - the employee was able to access websites which presented security and other organizational risks
- open USB ports - allowed malware on the employee's Android cell phone, which could have been infected at the employee's home, to infect the employee's work computer and the USGS network
Developing a Blacklist Policy is relatively easy and the required network software (DNS filtering) relatively inexpensive.
Employee Security Awareness Training (SAT) is another important prevention step that business owners can take to reduce security risks.