We all know that the internet poses many threats to the safety and security of our companies. However the old solution of simply blocking certain websites is no longer a viable option. With the increased necessity of social media sites to be used for business purposes, many employees need access to once restricted areas in order to do their jobs properly. Further, there are several ‘workarounds’ available for the more technically savvy members of your staff assisting them in gaining access to once restricted domains of the internet – putting your company at risk.

So then what is the solution?

The first thing is to make sure your internet usage policy is current, up-to-date, and that it works with and not against employee effectiveness while also protecting your organization from harm.

Secondly, be sure you are as up-to-date as possible on the workarounds being used to gain access to restricted sites. While some sites like LinkedIn and Facebook are more acceptable within our offices than they used to be, others like gambling sites should still be blocked to protect you from malware. We recently read a great article by Joan Goodchild, Senior Editor for CSO Online, discussing the most popular workarounds and ways to combat them and have provided a summary for you here.

Workaround 1: Typing in an IP address instead of a domain name

• Using the IP address of a blocked site will sometimes allow users to bypass security that looks for a domain name only, and there are many websites where the IP address can be accessed by employees.

Workaround 2: Finding a cashed version

• Search providers, like Google, cache websites on a regular basis – which basically means that they save a version of the site on their own servers. One can navigate to a cached site in Google by clicking on the ‘cached’ button after a search result.

Solution: Ignore the IP/URL blocking altogether and block sites based on the content line instead.

Workaround 3: Hiding behind encryption

• Entering HTTPS in front of the web address will often provide a stripped down version of the restricted site. There is also SSH, encrypted SOCKS, and other different alternative channels that masquerade as web traffic on less than intelligent network devices.

Solution: You may consider implementing a web proxy and gateway that allow content to be analyzed by creating a pit stop along the way.

Workaround 4: Using proxy servers and other privacy-friendly tools

• Some employees set up their browser so that their web queries go through an encrypted tunnel to an external server which may give them unrestricted access to sites. An example of this is GhostFox, a browser extension of Firefox.

Solution: If the proxy server is unencrypted, you can inspect the traffic and block either by blocking proxy connections at your firewall and/or by looking at web page content. If the traffic is encrypted then blocking becomes difficult, if not impossible.

Workaround 5: Using smartphones

• While using a personal smartphone isn’t necessarily tampering with a company computer, it can still be a violation of company policy if it is being used to access blocked sites during paid work hours.

Solution: Options for security in this instance are limited unless the device is provided by the company in which case it can be restricted through policies and proxy servers. However if it is a personal phone, the only answer is monitoring by management and strict no-usage policies.

Ultimately one of your best tools can likely be found in good old fashioned communication. Consistently letting employees know why policies are in place, and how they protect the organization can increase their respect for the ‘rules’. Further, an open door policy with your management that allows employees to explain why and how a restricted site may increase their customer service or productivity is a must. It is important to make sure we are not only protecting IT resources – but also encouraging our staff to find ways to become more efficient.

To read the entire article, click here.

A couple of weeks ago we reported that the AICPA had come against some of the more burdensome requirements originally included in the new Patient Protection and Affordable Care Act regarding new 1099 information reporting requirements. Namely a provision requiring businesses to report any purchase from a vendor (including corporations) of goods or services worth $600 or more. The main concern we noted was that, ‘this would put an unnecessary burden on small businesses compiling the data each year and that the information provided to the IRS wouldn’t be beneficial as it would be difficult to reconcile individual vendors from various 1099 statements in order to collect unpaid taxes.’

Recently members of the Senate have responded to this outcry with bill amendments to the Small Business Jobs Act hoping to relieve this and other issues.

A new modified version of the Business Jobs Act including an amendment to repeal the expanded 1099 filing requirement is scheduled for vote by the Senate on September 14th. However there are others who have further ideas in regards to the bill’s improvement including:

• Raising the threshold for reporting transactions from $600 to $5,000.
• The elimination of the $15 billion Prevention Trust Fund, which provides access to preventive services, including cancer screenings and smoking cessations programs.
• Repealing tax cuts for the five largest oil companies, allowing them to deduct 6% of their income from oil and gas production from their tax liability.

The bottom line is that the bill isn’t yet complete – and there is still time for improvements before it becomes effective in 2012. If you’d like to read more information on this issue, click here.

Free Live Webinar – Register today!

Wednesday, August 18, 2010
10:00AM PDT / 1:00PM EDT

Over a business’s lifespan, it will face the task of continually replacing, upgrading, or enhancing its business systems in response to changing market conditions, new technologies, and shifting strategies. Consider how your organization approaches ERP (Enterprise Resource Planning).  Are you effectively leveraging your people, processes and software in a way that keeps you operating efficiently and a step ahead of your competitors? 

This FREE LIVE Webinar will help you and your colleagues to chart a course for ERP evolution at your company, and to harness the power of your chosen solutions to achieve and sustain business value over the long term. Sign up now for this educational event and you’ll learn about the critical points for success, including:

• 7 steps to driving total business value using an ERP system
• A step by step approach for evaluating ERP solutions in a way that supports your specific and concrete business goals
• How to factor important benefits typically not reflected in classic ROI/TCO analysis—such as greater flexibility and business agility—into your project in a more formal, institutionalized manner
• How to build business transformation, value, and change management into the foundation of your deployment to ensure a successful ERP outcome

Who should attend:  CIOs, IT and Finance directors and managers, and ERP project managers.

A Chance to Win – Live attendees will be entered for a chance to win an iPod Nano. One winner will be selected from the audience by random drawing.*

If you’re interested but can’t attend the live event, register today and we will send you a link to the on-demand archive when available.

Featured Speakers: 

Eric Kimberling has over 10 years of experience devoted to the field of ERP and IT Benefits Realization, including performance measurement, process improvement, and organizational change management. He is the President and founder of Panorama Consulting Group, a US-based company that provides IT and ERP Benefits Realization consulting to international companies. Panorama Consulting Group also helps clients with ERP vendor selection, project planning, merger integration, third-party quality assurance, and strategy alignment.

Erik Kaas is Director of Product Management for Mid Market ERP products at Sage. He is responsible for managing the product life cycle from strategic planning to tactical activities. Erik manages a team of product managers responsible for specifying market requirements for current and future products. The product management team conducts market research supported by customer visits to ensure that engineering develops and releases products based on the needs of customers. Prior to Sage, Erik was responsible for product management at Pivotal Corporation, a provider of CRM solutions for mid market enterprises. He holds a Master in Computer Science degree from the Eindhoven University of Technology (the Netherlands) and a Master of Business Administration from Simon Fraser University (Canada).

Michael Oliver-Goodwin is a Contributing Editor for Focus. He is a widely published writer and an experienced editor for publications, including PC World, MacWeek and InfoWorld.

Register Now!

*Employees of associated companies are not eligible for drawing. Person must live in the US or Canada to be eligible. Winner is chosen at random. Winner will be notified at the conclusion of the live webinar. One prize will be given out per person selected from the drawing. 

Under the new healthcare law in the Patient Protection and Affordable Care Act is a new reporting requirement that requires businesses to report any purchase from a vendor (including corporations) of goods or services worth $600 or more.

The AICPA believes that this would put an unnecessary burden on small businesses compiling the data each year and that the information provided to the IRS wouldn’t be beneficial as it would be difficult to reconcile individual vendors from various 1099 statements in order to collect unpaid taxes.

The new reporting requirement will take effect for the 2012 fiscal year and will be reported on 1099 forms in 2013. In his letter, AICPA Tax Executive Committee chair, Alan Einhorn stated, “This expansion of information reporting may prove to be so burdensome to small businesses that we believe it will significantly contribute to the hurdles to growth and formation that businesses face. Repeal of section 9006 of the Act is the best alternative to imposition of an overwhelming compliance burden on the nation’s small business community.”

For more on this, click here.