Protect Your Company With Web Filtering Tools

Access to the Internet is vital for doing business, but without safeguards in place, malware and data leaks can be a mouse click away from disaster. Network firewalls and antivirus software are common in workplaces, but more small companies are increasingly turning to Web filtering tools for additional protection.

Setting limits on what Web content employees can access can be essential for businesses involved in health care, high finance, or government work bound by regulatory requirements. Even mom-and-pop retailers must meet strict standards concerning credit card data.

More than 41 percent of small businesses use some kind of Web filtering, and two-thirds of large companies do, according to IDC research.

Preventing workers from downloading virus-laden attachments or viewing pornography are two obvious motivations for filtering. In addition, if employees while away the hours watching musical cats on YouTube, the wasted time can add up along with your bandwidth costs. Protecting your company from online threats, lost work hours, and rising costs is a balancing act, as more workers use consumer tools such as Facebook and Dropbox at the office.

"You don't want to shut down the Web to employees because they can get a lot of productivity out of it," says IDC analyst Phil Hochmuth.

Nor should you deprive an employee of an innocent diversion that helps them recharge at lunch. However, it's your company's right to limit usage of its computers and networks. You can minimize security risks and encourage productivity without creating an environment of mistrust and paranoia. To keep your network and data secure, first consider your budget, your legal needs, and your company's size and culture. Is the filtering intended to meet regulatory, productivity, or bandwidth needs?

The goal of landing an aerospace contract motivated a Houston manufacturer to enable Web filtering with a new firewall as part of a security overhaul (keep reading for the case study, below). "It wasn't like Big Brother was trying to come in," said Richard Wall, an IT consultant who worked on the project.

If you're starting from scratch in establishing basic Internet security, look for products that bundle multiple functions. Business-friendly routers with integrated firewalls and built-in unified threat management (UTM) are ideal for organizations with little or no IT staff. Or your ISP may offer security tools, such as a firewall and Web monitoring, along with Internet service and a router.

Web filtering starts with basic URL blocking. More sophisticated controls let you decide what types of functions users can access at specific sites. You can allow Facebook, for instance, but block people from playing Farmville.

WebSense, Cisco, McAfee, and Trend Micro are among the big brands in Web filtering. Plenty of dedicated cloud-based services provide Web security, such as email control, for the cost of a monthly or annual subscription.

Shutting out inbound threats, like spam and viruses, is usually the first concern. But filters also can help prevent outbound threats; you'll find these in messaging security products, such as those from Symantec, Google Postini, and Mimecast. Granular filters can crawl your network and tell if someone cuts and pastes a phrase from a confidential memo into an outgoing email message.

If you're using monitoring tools, make sure that company policies are clear. And let the tools do their job; don't track every move your staff makes to the point of losing productivity--or employees. You'll find more tips in Robert Strohmeyer's story, "How to Monitor Employees' PCs Without Going Too Far." (And on the other side of the coin, if you're not the boss, check out these ways to prevent your boss from spying on you.)

Case Study: Security Upgrade Helps Firm Land Government Contract

Intercontinental Bearing Supply Company (IBSCO) specializes in ceramic and steel ball bearings for the medical and aerospace industries.Securing a government contract would be a huge opportunity, but it would require enhancing security and modernizing an aging IT infrastructure. The Houston company hoped an IT upgrade would bring the additional benefit of increasing productivity among its 35 workers.

IBSCO's Sonic Wall network security box hadn't allowed any security breaches, but it was several years old and a nightmare to manage, taking an hour or more to change a simple security policy. The company needed a replacement that could plug into the existing IT infrastructure, which includes Mac and Windows desktops as well as Mac and Linux servers. In addition, the punched-card time-clock system for logging employees' work hours wasn't keeping up with the 21st century.

The Solution

The IT pros at Envision Design installed a comprehensive security system with intrusion detection and prevention, a network firewall with Web filtering, and a Sophos antivirus filter. First, they replaced IBSCO's existing security box with Kerio Control firewall software running on a customized appliance that was well-equipped to handle malware threats.

"They didn't want people in the clean room to get on Facebook," said Richard Wall, who creates and maintains networks for Envision Design.

The subscription-based filtering service offers a range of controls, from blocking all social media sites down to preventing banner ads or individual file extensions, even at specific times of the day. In addition, two separate networks enable guests at IBSCO to access the Internet without filters.

The next critical update was installing a biometric, thumbprint-reading time clock integrated with Qqest TimeForce software. The system gathers data and notes exceptions such as absences, an approach in line with aerospace industry standards.

The tech overhaul caused no downtime, and its cost was $5000.

The Outcome

With Kerio Control, IBSCO pays about half of what it used to on security maintenance, a savings of several thousand dollars per year. Routine administrative changes, such as adding an employee or changing Web policies, now only take a few minutes. And Web filtering has helped to boost efficiency while limiting the company's exposure to websites that may contain malware. Finally, IBSCO did indeed land the government contract, having shown it was able to satisfy all the contract's requirements.

Since 1993, Envision Design in Houston has specialized in helping small and midsize businesses with their IT needs. It provides technology budgeting and planning, software and hardware installations and maintenance, and networking analysis and configuration. You can reach Envision Design at 866/966-9406 or at

If you're an IT solutions provider serving the small to midsize business market, and you'd like to learn how you can contribute to PCWorld Tech Audit, send mail to We're always looking for more talented pros. Tech Audit is written and produced in cooperation with IT professionals in the field.

Case study submitted by Envision Design. All recommendations and opinions expressed represent the independent judgment of the authors and do not necessarily reflect those of PCWorld or its editorial staff.

Follow TechAudit and Elsa Wenzel on Twitter.

Join the CSO newsletter!

Error: Please check your email address.

Tags network securityonline securityfirewallssecuritymobile securitywireless securityFacebook

More about BossBrother International (Aust)CiscoDropboxeForceElsaetworkFacebookGoogleIDC AustraliaLinuxMcAfee AustraliaPostiniSCOSonicSophosSymantecTrend Micro Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Elsa Wenzel

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place