This weeks’ Tip is a bit of a misnomer. Of course most businesses want to control employee websurfing, for a number of reasons, only beginning with productivity.

Often the question is “how?”

Yet, as today’s Tip highlights, many businesses just don’t get around to putting any controls in place at all.

security curmudgeon over at DataLossDB gives a handy reference to an article at the Las Vegas Sun, detailing rampant identity theft via stolen credit card numbers. Now we’ve all heard about these for years, but the article is very interesting as it details some of the methods used to swipe (pun intended) the numbers, including skimmers.

But notice the introductory case: when salespeople at a high-end fashion retailer weren’t ringing up customers, they were surfing the web–apparently right on the POS device! This happens all day long across America, and owners/supervisors galore are familiar with the irritation. But in this case an employee, who was, no doubt, checking her Facebook page (or maybe MyLaptopGPS’ new Facebook page?) and tootling around the web, managed to download a virus that included a keylogger.

The rest is history.

Employee behavior is perhaps one of the most dangerous threats a business faces–it’s the gateway to most actual threats. Take it seriously now, or take it seriously later, but rest assured you’ll have to take it seriously whether you’d like to or not.