How Can I Restrict Internet Access at Work?
Home / DNS Filtering and DNS Security from WebTitan / How Can I Restrict Internet Access at Work?
There are many reasons why businesses want to restrict internet access at work. Allowing employees to have unrestricted access to the internet can result in a major drain on productivity. Unfettered internet access can also increase the risk of malware and ransomware downloads, while inappropriate internet access at work can lead to a range of legal issues. Due to the risks involved, it is unsurprising that many firms choose to use a technological solution to enforce acceptable Internet usage policies and block access to malicious websites. This post explores some of the key benefits that come from using a web filter to limit internet access in the workplace and some of the potential problems that can be caused by using content-control software.
It is inevitable that employees will slack off from time to time, regardless of whether they have access to the internet but internet access makes slacking off much easier. Simply placing restrictions on the websites that can be accessed will not eradicate time-wasting, but it can allow businesses to make significant gains in productivity. Some employees spend a considerable percentage of the working day on personal internet use, playing online games, or accessing their social media accounts. If every employee in an organization was to spend an hour a day on personal internet use, the productivity losses would be considerable. A company with 100 employees would lose 100 hours a day – That’s a loss of 26,100 working hours a year – and many employees spend much longer each day on personal internet use.
There are other issues that can result from excessive personal internet use at work. When employees use streaming services, download files via P2P networks, or engage in other bandwidth-heavy activities, it will naturally have an impact on internet speeds across the entire organization. Using a web filter to restrict internet access at work and limiting access to certain bandwidth draining activities allows businesses to ensure sufficient bandwidth is available for all employees.
If employees are accessing social media websites, downloading files, or are visiting questionable websites, the risk of malware or ransomware downloads increases significantly.
Exploit kits probe for vulnerabilities in browsers and plugins, which are then exploited to silently download malware. Traffic is usually directed to these websites through malicious adverts – termed malvertising – although high-traffic websites are constantly being compromised by hackers who add malicious content such as phishing webpages and malware.
Certain types of websites carry a high risk of resulting in malware infections. Allowing employees to access these sites, many of which are not suitable for work, could easily result in a malware or ransomware download.
The operators of legitimate pornographic websites usually take great care to ensure their sites are not compromised or infected with malware. They are, after all, legitimate businesses. However, pornographic content is often used as a lure to spread malware and there are many disreputable adult sites whose purpose is solely to infect visitors with malware or harvest credit card information. Blocking these NSFW sites not only helps to improve productivity and avoid legal issues, but it also reduces the risk of malware infections.
One of the riskiest online activities is the use of torrents sites and P2P file-sharing networks. There are few – if any – controls over the content that is shared via torrents sites and pirated music and video files are often seeded with malware, spyware, and adware. Illegal software downloads are incredibly risky as malware is often bundled in the executable files used to install the software, or in the accompanying Keygen tools that generate product keys to allow the software to be used.
A malware or ransomware attack can prove incredibly costly. Many companies have experienced ransomware attacks that have resulted in systems being taken out of action for several days or even weeks, causing massive losses as the business grinds to a halt. A ransomware attack can result in an entire network being taken out of action, as was the case with the WannaCry attacks in 2017. The NHS in the UK suffered major disruption as a result of the installation of the malware and mitigating the attacks cost £92 million. The NotPetya wiper malware campaign conducted soon after caused widespread damage. The shipping firm Maersk had its systems infected and the clean-up bill has been estimated to be $300 million.
A web filter will not prevent all malware and ransomware attacks, but it is possible to prevent certain categories of ‘risky’ websites from being visited by employees, the filtering solution can be configured to block the downloading of certain file types, and websites known to contain malware or exploit kits can be blocked. Any attempt to visit one of those websites will direct a user to a block screen. Many businesses decide to restrict internet access at work primarily to protect against malware and ransomware downloads.
Phishing is the number one cyber threat faced by businesses. It has been estimated that more than 90% of cyberattacks start with a phishing email. One of the best protections against phishing is a spam filtering solution, which will prevent the majority of malicious messages from being delivered to end users. However, no spam filter is 100% effective and some malicious messages will end up in employees’ inboxes. Employees can be trained how to identify phishing emails and be taught cybersecurity best practices that will reduce susceptibility to phishing attacks, but sooner or later an employee will likely be fooled into clicking a link in an email and will arrive at a phishing website.
When a user is directed to a website and discloses their login credentials, an attacker can gain access to their email account and all the sensitive data contained in that account. The compromised account can also be used to send further phishing emails to other employees in the organization or to customers and business contacts. It is common for a single response to a phishing email to result in several email accounts being compromised.
Phishing attacks are some of the costliest cyberattacks to resolve. Each email in a compromised account must be checked for personally identifiable information and other sensitive data. Manually checking thousands of emails can take weeks and can cost hundreds of thousands of dollars.
A web filter is an additional layer of security that helps organizations improve their defenses against phishing by providing time-of-click protection and blocking attempts to visit malicious websites. When an employee clicks a link to a website that has been added to a blacklist due to past use in phishing campaigns, the user will be directed to a block screen. TitanHQ’s web filtering solution, WebTitan, blocks attempts to access around 60 million malicious websites a week.
While most employees do not use the internet to access illegal and not-suitable-for-work content, there are always a few bad apples. The problem of accessing pornography at work is a real issue, and could be much worse than you think.
In 2014, a survey conducted by the Barna Group showed 63% of men and 36% of women have viewed pornography at work. A survey in Forbes in 2013 revealed 25% of adults have viewed porn at work, while in another survey, 28% of employees admitted to downloading porn at work. Not only is the accessing of pornography at work a major drain of productivity, but it can also lead to the development of a hostile working environment. Pornography can be used to harass and degrade employees, especially women. There have been cases of employees taking legal action against their employers over the failure to implement content controls in the workplace and prevent pornography from being accessed by coworkers.
Many businesses feel the best way to tackle the problem of pornography access in the workplace is through acceptable usage policies and greater oversight of employees by line managers. When individuals are discovered to be abusing the internet, action can be taken against individuals without having to restrict internet access at work for everyone. This does not always prove effective. Further, when pornography use at work is discovered, employees usually face instant dismissal. That carries a cost to the HR department and productivity losses while new employees are hired and trained.
The easiest solution is to use a web filter to restrict internet access at work. A web filter can be used to block access to specific websites or categories of website content such as pornographic sites and enforce acceptable usage policies. This is one of the most common reasons why businesses restrict internet access at work.
A web filter may seem like a quick and easy solution to solve the above issues, but it should be explained that companies that restrict internet access at work with web filters can encounter problems. If you restrict internet access at work using an appliance-based web filtering solution it can result in latency. Each website must be inspected before it is accessed which delays the loading of websites. In the case of secure (HTTPS) sites, each webpage must be decrypted, inspected, and re-encrypted. This places a considerable strain on resources. As more sites switch to HTTPS the problem of latency becomes a real issue.
The solution is to use a DNS-based filtering solution. With DNS-filtering, all filtering occurs in the cloud and there is no latency. There are other benefits too. Cloud-based web filters are more flexible, scalable, and do not require the purchase of any hardware which results in considerable cost savings.
When web filters are used to restrict internet access at work and they lack highly granular controls, there can be issues with the overblocking of website content. Websites that need to be accessed for work purposes may be blocked, which requires the IT support team to spend time whitelisting websites. The solution is to choose a web filter with highly granular controls, which allows content to be easily blocked without also blocking websites that need to be accessed for work purposes.
While content control software may seem like an ideal way of preventing employees from cyberslacking to make productivity gains, care must be taken when applying those controls otherwise the productivity gains may not be realized. If you restrict internet access at work, employees who were only accessing the occasional personal site may be unhappy with the new restrictions. This can have a negative effect on productivity and create a hostile working environment. Why should all employees be made to suffer because of the actions of a few? Care must therefore be taken when deciding what types of websites to block. With careful and intelligent control, you can make productivity gains and can avoid any staff issues.
One of the easiest ways to improve productivity while applying controls over internet access is to use a web filtering solution that allows time-based filtering controls to be applied. Employers can use this feature to restrict internet access at work during busy times and relax controls at others. It is easy to block access to certain sites 100% of the time and others only some of the time. With WebTitan, administrators can set standard controls during busy times such as mornings, and relax controls during breaks or outside of office hours.
There are several ways to block internet access on an employee’s computer. If you want to block internet access totally for a specific employee, be that a temporary or permanent block, you can use your existing network hardware or a firewall rule to block a specific IP address.
A web filter allows much more granular controls to be applied, such as blocking specific websites or categories of websites for a specific employee or group of employees. This option is much easier and less time-consuming if you need to block internet access – or implement partial blocks – for more than one employee. With a cloud-based web filter, these controls can be applied quickly and easily through a web portal that can be accessed by the administrator from any computer.
Many businesses want to know how to restrict internet access for employees without totally blocking access to the internet. With WebTitan it is easy to limit employee internet access selectively. Different controls can be set for different employees or groups of employees. If you have sales staff, you may want to do as much as possible to make sure they are always on the phone, and internet controls may need to be more restrictive. The marketing department may require much more lax controls since they will be required to access a broader range of websites for work. Since the filter integrates with LDAP and Active Directory, setting controls for different users and user groups is simple. You can implement organization-wide controls (e.g. adult content), department controls (social media), and individuals controls through LDAP/AD.
Internet content control is quick, easy, and cost-effective with WebTitan. The solution allows you to easily restrict internet access at work and avoid problems associated with web filtering. If you are interested in curbing personal internet use at work and improving your organization’s security posture, contact TitanHQ today for advice. You can also sign up for a free trial and evaluate WebTitan in your own environment before you commit to a purchase and can schedule a product demonstration to see WebTitan in action.
You should set up a guest Wi-Fi network if you want to allow customers and visitors to access the Internet through the same equipment as your employees as a guest network will ensure the business network is isolated. If a guest user’s device is infected with malware, it will not spread to your primary business network. Guest users will also not be able to access any internal resources or data.
The most important guest Wi-Fi security best practices are to ensure a password is set for the guest network, make sure that traffic is encrypted using Wi-Fi Protected Access (WPA or WPA2) to prevent data interception, control the content that can be accessed using a web filter for your Wi-Fi network, and monitor what your guest network is being used for.
The cost of a content filter for a Wi-Fi network is not expensive considering the protection it provides. Some solutions cost around $2.50 per user, per month. These tend to be aimed at large enterprises with complex needs. For most businesses, you can get the protection you need for around $1 per user, per month.
A web filter works for HTTPS websites if it has an SSL inspection capability. This enables the web filter to decrypt, inspect, and re-encrypt the HTTPS website and then either allow or block access to the website depending on whether or not it violates an organization’s policies.
Internet content filtering is not difficult. With a cloud-based web filter you just make a simple change to point your DNS to your service provider. Log in to your web-based user interface and use the checkboxes to select the content you want to permit or block. All malicious websites will automatically be blocked through the blacklists used by the solution.
It is very easy to block access to productivity-sapping websites using the category-blocking options in the WebTitan console. Every website is categorized according to its content using industry-recognized website classifications from organizations like the Internet Advertising Bureau. There are currently 53 categories of website in the WebTitan console; and, if an administrator wanted to prevent employees accessing (for example) dating websites, they would simply check the “Dating” box and all
Your office might be receiving more undetected spam emails than usual if the emails originate from a source not yet added to an RBL blacklist. In this case, you should activate the Greylisting test to reduce the volume of spam entering the mail server. Alternatively, it may be the case that the controls on your spam mail filter have been adjusted by the software provider, a system administrator, or a managed service provider.
The risks of applying web filter controls too aggressively are that they may impact productivity if members of the workforce are unable to access the websites they need to do their jobs efficiently. There is also the risk that, by applying web filter controls too aggressively.
