Some of the ways that organizations can prevent employees from downloading and installing rogue applications from the Internet are:
- Set up Standard user accounts, not Administrator accounts, for employees on their laptops, and change the default local administrator account passwords
- Route all outbound Internet connections through a proxy server and set up a blacklist of prohibited software
- Apply file filtering rules to the perimeter IPS and do not allow blacklisted applications to be downloaded
- Apply URL filtering on the IPS, or on next-generation firewalls, and block the user from accessing websites which host blacklisted software
- Install end-point anti-virus and anti-malware on all workstations – they will prevent the download and installation of rogue applications
- Create a software download and installation policy that mandates that all software and application installation requests go through a ticket request system
- Monitor workstations through an asset management system and remotely uninstall applications that were not approved
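
The monitoring step in the last item can be checked against an inventory export. The sketch below is an added example, not part of the original list: it compares each workstation's installed applications with the approved list and also reports hosts whose user is not on a Standard account. The CSV column names, hostnames and application names are constructed assumptions, not the format of any particular asset management product.

```python
import csv
import io

# Constructed sample export; a real asset management system will use its own columns.
INVENTORY_CSV = """hostname,user,account_type,application,version
WS-001,alice,standard,Mozilla Firefox,126.0
WS-001,alice,standard,7-Zip,23.01
WS-002,bob,administrator,Mozilla Firefox,126.0
WS-002,bob,administrator,FreeVideoConverter,1.2
WS-003,carol,standard,freevideoconverter ,1.2
WS-003,carol,standard,7-zip,23.01
"""

# Applications approved through the ticket request system (constructed values).
APPROVED = {"mozilla firefox", "7-zip"}


def normalize(name):
    """Lower-case and collapse whitespace so cosmetic differences do not hide a match."""
    return " ".join(name.lower().split())


def audit(csv_text, approved):
    """Return (unapproved apps per host, hosts whose user is not a standard account)."""
    unapproved = {}
    admin_hosts = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["hostname"].strip()
        # Anything other than an explicit "standard" account is treated as a finding.
        if row["account_type"].strip().lower() != "standard":
            admin_hosts.add(host)
        app = normalize(row["application"])
        # Allowlist check: whatever is not explicitly approved is reported.
        if app not in approved:
            unapproved.setdefault(host, set()).add(app)
    return {h: sorted(a) for h, a in unapproved.items()}, sorted(admin_hosts)


if __name__ == "__main__":
    findings, admins = audit(INVENTORY_CSV, APPROVED)
    for host, apps in sorted(findings.items()):
        print(f"{host}: unapproved software: {', '.join(apps)}")
    for host in admins:
        print(f"{host}: user is not on a Standard account")
```

The output of such a check is the input to the remote uninstall and to a review of why the account had install rights in the first place.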