Install a Web Proxy Solution

A subject uses an existing, legitimate external Web service to exfiltrate data

A subject unlawfully accesses copyrighted material, such as pirated media or illegitimate streaming sites.

A subject accesses web content that is deemed inappropriate by the organization.

A subject installs unapproved software on a corporate device, contravening internal policies on acceptable use of company equipment.

A subject uses a messaging application to exfiltrate data through messages or uploaded media.

A subject can access the web with an organization device.

A subject is able to access external FTP servers.

A subject uses organizational resources, such as internet access, email, or work devices, for personal activities both during and outside work hours, exceeding reasonable personal use. This leads to reduced productivity, increased security risks, and the potential mixing of personal and organizational data, ultimately affecting the organization’s efficiency and overall security.

A subject interacts with a public Artificial Intelligence (AI) chatbot (such as ChatGPT and xAI Grok), leading to the intentional or unintentional sharing of sensitive information.

A subject uses a cloud storage service, such as Dropbox, OneDrive, or Google Drive to exfiltrate data. They will then access that service again on another device to retrieve the data.

A subject uses a code repository service, such as GitHub, to exfiltrate data. They will then access that service again on another device to retrieve the data.

A subject uses a text storage service, such as Pastebin, to exfiltrate data. They will then access that service again on another device to retrieve the data.

A subject may use an existing, legitimate external Web service to exfiltrate data

A subject uses a website or peer-to-peer (P2P) network (such as BitTorrent) to unlawfully download copyrighted material.

A subject accesses a website that allows for the unauthorized streaming of copyrighted material.

A subject uses a website or peer-to-peer (P2P) network (such as BitTorrent) to unlawfully distribute copyrighted material.

A subject accesses lawful pornographic material from an organization device, contravening internal policies on acceptable use of organization equipment.

A subject accesses unlawful pornographic material from a organization device, contravening internal policies on acceptable use of organization equipment and potentially, the law.

A subject accesses, possesses and/or distributes materials that advocate, promote, or incite unlawful acts of violence intended to further political, ideological or religious aims (terrorism).

A person accesses, possesses, or distributes materials that advocate, promote, or incite extreme ideological, political, or religious views, often encouraging violence or promoting prejudice against individuals or groups.

A subject accesses or participates in online gambling from a corporate device, contravening internal policies on acceptable use of company equipment.

A subject accesses or participates in web-based online gaming from a corporate device, contravening internal policies on acceptable use of company equipment.

A subject accesses other inappropriate web content from a corporate device, contravening internal policies on acceptable use of company equipment.

A subject can access personal webmail services in a browser.

A subject can access personal cloud storage in a browser.

A subject can access websites containing inappropriate content.

A subject can access external note-taking websites (Such as Evernote).

A subject can access external messenger web-applications with the ability to transmit data and/or files.

A subject can access websites used to access or manage code repositories.

A subject uploads confidential organization data to a note-taking web service, such as Evernote. The subject can then access the confidential data outside of the organization from another device.

A subject can access external text storage websites, such as Pastebin.