As if adware weren't annoying enough, now companies have to worry about spyware: programs being stealthily loaded onto corporate PCs and relaying private information such as your Web-surfing history, screen shots and keystrokes to an unknown party, possibly a competitor. Spyware infects about 25 percent of corporate PCs, says Peter Firstbrook, a META Group program director, and it can slow productivity, waste bandwidth and cost millions in lost intellectual property. "For some companies, spyware has become the No. 1 help desk issue," says Firstbrook.
Spyware is hard to detect and harder to remove. Current antivirus software doesn't scan for all of it, and although there are some enterprise antispyware programs, removing spyware must often be done computer by computer.
But there are some steps you can take to protect yourself. "First, make sure people are very careful about what they download," Firstbrook says. Besides educating employees, CIOs can use a Web-filtering product to control where people surf. These filters classify every site on the Internet, so when employees type in an address, it decides if they are allowed to go there. "You want to keep your employees on the well-lit streets of the Internet, not the dark alleys," says Firstbrook.
For specific problems, several programs are available that search for spyware and help remove it. They include Spybot, Spy Sweeper from Webroot Software Inc., PestPatrol and Lavasoft Inc.'s Ad-aware. If you want to defend against keystroke loggers, use two-factor authentication for your PCs, such as a USB or physical token for authorization to log into computers. That will prevent someone from walking over and loading spyware into your computer.
Keep spyware out
Tighten your company's Web gateway policy
Lock down desktops to prevent applications from being loaded
Use two-factor authentication
Monitor PCs for malicious code using asset-tracking tools
Deploy enterprise antispyware tools as they become available
test
