Large enterprises have employed content filtering for many years now, which helps their IT departments in several ways, including:
Reducing frivolous and work-unrelated web browsing among employees
Helping to alleviate legal risk related to unauthorized use of company Internet access
Increasing availability of the company’s full Internet speeds
Blocking sites that spread malware and viruses
The owner or manager of a smaller enterprise or business may not see the benefits of the first few items listed above outweighing the costs of a filtering solution, but let’s focus on that last bullet point regarding malware infections.
According to a security bulletin from Kaspersky, “The number of attempted web-based infections in 2012 is 1.7 times greater than in 2011, while the number in 2011 was 1.6 times greater than in 2010. “ In plain terms, this means that web browsing is swiftly becoming the preferred route for malicious code to infect your employees’ PCs. The average cost to clean up a single PC is in the hundreds of dollars, but this does not include the hidden costs of having unusable systems and unproductive employees.
You may say, “I have antivirus software installed on my network already. Why do I need content filtering?” Antivirus and endpoint security software is very important, but in practice, it simply won’t catch all threats. Web content filtering works in a more proactive manner, blocking the very avenues by which the malicious code gets to your employees’ PCs in the first place. You can think of it in terms of our own human healthcare. Antivirus software is like the antibiotics you are prescribed by your physician to eliminate an infection you already have. By contrast, web content filtering is akin to the behavior of avoiding contact with the illness in the first place. For example, washing your hands frequently, taking vitamin C, and dressing warmly during the winter cold and flu season. Of course, it’s important to be able to get those antibiotics when you need them, but isn’t it better to avoid the infection entirely if possible?
Business owners may be concerned about how they are perceived by their employees when it comes to monitoring their browsing activity. They don’t want to create an environment where the employees feel paranoid or oppressed. However, most content filtering solutions are very flexible. Filtering policies can be tailored by user groups or management levels, and by categories. A policy can block file sharing and pornographic sites, for example, but leave open other categories like news or sports if desired. Also, in many cases, employees may be “clickjacked” from a legitimate website to a dangerous one without the intention of browsing anything unsuitable for work. From Richard Towey’s article on content filtering: “[Web] pages offer mash-ups of online content; often aggregated from a selection of sites. Malware writers set up these pages to host their malicious code and it’s in these dangerous corners of the web where people (as well as businesses) are most vulnerable to cyber attacks.”
One final note: In the current trend of BYOD (Bring Your Own Device), it’s becoming more popular for employees to access company systems and data using their own laptops, tablets and phones. Content filtering applied either via mobile client software or simply through the company wifi can help prevent infections to these devices as well.
Best practices for all companies, large and small, should include both antivirus/endpoint protection and content filtering to maintain the highest level of safety for their computer systems.