Subject: Over 80% of malicious downloads now come from trusted websites
Risks in the News, posted by ScottWright on Monday, May 18th 2009 @ 6:48 PM
Once again, it's important to realize that you should not rely too heavily on technical security safeguards like "anti-virus" and "web-site reputation filtering" tools. Read on to learn why it's best to balance these technological approaches with security awareness training for staff.
Blocking access to "known or suspected" malicious websites based on their reputations, an approach used by services like Websense, has worked reasonably well for some organizations. However, now that attackers are learning how to infect legitimate websites with their malware, this reputation-based approach is becoming somewhat less effective at preventing malicious downloads from infecting business computers.
According to the PC World article linked below, over 80% of malicious downloads are now coming from sites that would not normally be blocked by tools like Websense.
<http://www.pcworld.com/businesscenter/article/165014/most_attacks_come_from_legit_but_hijacked_sites.html>
It's becoming clear that we can no longer expect "trusted" websites to be free of malware. So, it is critical that any staff using business computers to access the Internet be trained to recognize situations that could indicate a threat is imminent or in progress.
Employees should also be trained to recognize any unusual experiences while surfing the web and to report them to their IT Helpdesk for investigation. The more often and more quickly employees can detect and respond to these situations, the better the chances of limiting any potential damage to the business computing environment.
Anti-virus and web filtering solutions should still be considered an important part of any security program for computers connected to the Internet, but today's culture of "Rapid Information Sharing" demands that businesses invest a proportional amount in security awareness training and ongoing information risk support sessions.