There are popular websites, web services, or apps that are frequently accessed by employees during office hours. Based on an anonymized statistics of events captured in a Kaspersky product (voluntarily provided by customers), the top 5 most used services by employees through their corporate devices are as follows:
1. YouTube
2. Facebook
3. Google Drive
4. Gmail
5. WhatsApp
Unfortunately, also based on the same analysis, many of the web services are also the most exploited for phishing and other malicious actions by fraudsters:
1. Facebook (4.5m phishing attempts)
2. WhatsApp (3.7m)
3. Amazon (3.3m)
4. Apple (3.1m)
5. Netflix (2.7m)
6. Google bundle-YouTube, Gmail, and GDrive (1.5m)
Not surprisingly, there are organizations that block specific websites and services on their corporate devices. These businesses may have decided to impose such restrictions due to various reasons like compliance with data regulations. Here are the top 5 of those often blocked services in the workplace:
1. Facebook
2. Twitter
3. Pinterest
4. Instagram
5. LinkedIn
“We can’t imagine our daily lives and work without different web services, including social media, messenger apps, and file-sharing platforms,” said Kaspersky security expert Tatyana Sidorina. “However, it is important for any organization to understand where threats may come from and what technology and awareness measures are needed to prevent them.”
Kaspersky suggests the following steps that businesses may adopt to make sure their employees use web services safely and securely at all times:
• Show employees how to recognize fake or insecure websites and phishing messages. Remind them not to enter their credentials before checking credibility or open/download files from unknown senders.
• Conduct basic security awareness training for employees. Kaspersky Automated Security Awareness Platform provides such training in an easier and more effective way.
• Adopt a proven endpoint security product with web, network, and mail threat protection.
• Enhance IT managers’ expertise on relevant cyber threats and how to prevent those.