Trend Micro reveals new common sense techniques for protecting online security

Most people use familiarity, built up over the passage of time, as the basis for developing trust. Yet when it comes to websites, too many users are willing to visit a site that has only recently appeared. This can provide fraudsters and thieves with a window of opportunity to exploit.

Safe web browsing behaviour can be compared to air travel:

"If you are planning on flying abroad, you need to ensure that your passport is at least six months valid from the date of your outbound travel. CIOs should look at websites in a similar way. They need to know how long domains have been in existence and how many times they were moved, and restrict employees' access to these accordingly,"

said Justin Doo, Managing Director, Trend Micro Middle East and Africa.

Until recently, both consumer and corporate IT users knew to be careful before clicking on certain unsolicited e-mails due to the fear they may contain computer viruses. But as malware threats change and evolve, users are increasingly being affected by simply visiting a website.

Some websites contain potentially dangerous downloaders which install themselves on your PC without you noticing. Once installed, these can monitor and steal your passwords as well as bombard you and others with targeted spam. This has widespread implications, particularly for corporate users who, as part of their job, can browse a large number of websites on a day-to-day basis.

"There has been a lot of recent activity on social networking sites like MySpace and video-sharing sites such as YouTube," said Justin Doo.

"People surf to popular sites and end up downloading a Trojan without knowing it, whether at home or in their lunch hour at work," he added.

Justin Doo warns that enterprises need to take a careful look at their policy reinforcement with regards to web surfing. CIOs should educate users and ask them to be more vigilant in their web browsing behaviour. Every day 1.3 million new web domains are registered whereas a million are retired. But how do you know which websites are safe and which to avoid?

One way companies can guard themselves more effectively, is by keeping track of which websites have been idle and rating these as 'potentially dangerous'. Once these are rated, IT administration can educate users and ensure that these websites are no longer visited. Many of the new sites failed to complete due to payment and de-list just as quickly, leading to potential confusion over a fast-moving medium.

"It's amazing what a phisher can do with a domain in a short time frame. Awareness is the key to denying them the opportunity to steal and defraud" said Justin Doo.