Basketball fan or not, March Madness is a springtime staple in friendly competition. With the rise of online brackets, it can be a great way to connect with friends and family for a little fun. So, when a friend sends you a bracket invitation in the middle of the week, you probably want to check it out right away!
The average worker spends six paid hours at work building their bracket, checking scores and rankings, and watching the games. Lost worktime aside (you know what they say about all work and no play), we have to remember our cybersecurity mindset, especially important any time employees use company computers for personal activities like March Madness.
Play by The Rules
While most employees have innocent intentions in their personal computer use, it opens the door for additional risk. For example, tricky March Madness phishing attacks and the potential connection to gambling makes for dangerous territory.
To start, ensure your company has a Technology & Data Use Policy setting rules around how employees are expected to use company computers and phones. To reduce risk, many organizations are starting to move to a work-only approach, disallowing personal activities on company devices and networks altogether.
But for an exciting and time-sensitive situation such as March Madness, it can be tempting to break from policy for a quick peek at your bracket. In times like this, you may have to bring in a referee: a web filter is a software tool that can help you enforce a no-personal-activity policy without the need to look over any shoulders.
In Bounds or Out of Bounds?
Web filters work in a couple of ways: blacklisting and whitelisting.
Blacklisting works by blocking certain categories of websites often used for personal matters, inappropriate for work, or categorized as dangerous, such as:
Social media and personal email
Shopping, streaming, and download sites
Job search sites
Gambling and adult websites
Known and detected malicious sites
Whitelisting accomplishes the same goal, but takes the opposite approach: it blocks by default, allowing employees to visit only preauthorized websites. While this locked-down approach can be difficult to manage for both employees and administrators, it’s can be the safest method.
You Can Choose When to Blow the Whistle
An advantage of web filters is their customizability. The administrator has control over filters’ settings, sensitivity, and websites and categories allowed. So even if your organization allows personal use, you can still block malicious or inappropriate sites. Many filters also offer a “warn” functionality where employees can choose to proceed for certain website categories, sending the administrator a notification.
For both software options, administrators can also make approved exceptions: HR professionals need to access job search sites, marketing staff need to use work-related social media, etc. These exceptions should be well-documented and reviewed periodically with management, especially if employees’ roles and responsibilities have changed.
It's Ok to Join the Madness
This March, don’t hesitate to go mad with your brackets, but it’s also a good time to remember the importance of keeping personal entertainment to personal devices.
Your Friends @ Defendify