Access to the Internet is vital for doing business, but without safeguards in place, malware and data leaks can be a mouse click away from disaster. Network firewalls and antivirus software are common in workplaces, but more small companies are increasingly turning to Web filtering tools for additional protection.
Setting limits on what Web content employees can access can be essential for businesses involved in health care, high finance, or government work bound by regulatory requirements. Even mom-and-pop retailers must meet strict standards concerning credit card data.
More than 41 percent of small businesses use some kind of Web filtering, and two-thirds of large companies do, according to IDC research.
Preventing workers from downloading virus-laden attachments or viewing pornography are two obvious motivations for filtering. In addition, if employees while away the hours watching musical cats on YouTube, the wasted time can add up along with your bandwidth costs. Protecting your company from online threats, lost work hours, and rising costs is a balancing act, as more workers use consumer tools such as Facebook and Dropbox at the office.
"You don't want to shut down the Web to employees because they can get a lot of productivity out of it," says IDC analyst Phil Hochmuth.
Nor should you deprive an employee of an innocent diversion that helps them recharge at lunch. However, it's your company's right to limit usage of its computers and networks. You can minimize security risks and encourage productivity without creating an environment of mistrust and paranoia. To keep your network and data secure, first consider your budget, your legal needs, and your company's size and culture. Is the filtering intended to meet regulatory, productivity, or bandwidth needs?
The goal of landing an aerospace contract motivated a Houston manufacturer to enable Web filtering with a new firewall as part of a security overhaul (keep reading for the case study, below). "It wasn't like Big Brother was trying to come in," said Richard Wall, an IT consultant who worked on the project.
If you're starting from scratch in establishing basic Internet security, look for products that bundle multiple functions. Business-friendly routers with integrated firewalls and built-in unified threat management (UTM) are ideal for organizations with little or no IT staff. Or your ISP may offer security tools, such as a firewall and Web monitoring, along with Internet service and a router.
Web filtering starts with basic URL blocking. More sophisticated controls let you decide what types of functions users can access at specific sites. You can allow Facebook, for instance, but block people from playing Farmville.
WebSense, Cisco, McAfee, and Trend Micro are among the big brands in Web filtering. Plenty of dedicated cloud-based services provide Web security, such as email control, for the cost of a monthly or annual subscription.
Shutting out inbound threats, like spam and viruses, is usually the first concern. But filters also can help prevent outbound threats; you'll find these in messaging security products, such as those from Symantec, Google Postini, and Mimecast. Granular filters can crawl your network and tell if someone cuts and pastes a phrase from a confidential memo into an outgoing email message.
If you're using monitoring tools, make sure that company policies are clear. And let the tools do their job; don't track every move your staff makes to the point of losing productivity--or employees. You'll find more tips in Robert Strohmeyer's story, "How to Monitor Employees' PCs Without Going Too Far." (And on the other side of the coin, if you're not the boss, check out these ways to prevent your boss from spying on you.)
Case Study: Security Upgrade Helps Firm Land Government Contract
Intercontinental Bearing Supply Company (IBSCO) specializes in ceramic and steel ball bearings for the medical and aerospace industries.Securing a government contract would be a huge opportunity, but it would require enhancing security and modernizing an aging IT infrastructure. The Houston company hoped an IT upgrade would bring the additional benefit of increasing productivity among its 35 workers.
IBSCO's Sonic Wall network security box hadn't allowed any security breaches, but it was several years old and a nightmare to manage, taking an hour or more to change a simple security policy. The company needed a replacement that could plug into the existing IT infrastructure, which includes Mac and Windows desktops as well as Mac and Linux servers. In addition, the punched-card time-clock system for logging employees' work hours wasn't keeping up with the 21st century.
The IT pros at Envision Design installed a comprehensive security system with intrusion detection and prevention, a network firewall with Web filtering, and a Sophos antivirus filter. First, they replaced IBSCO's existing security box with Kerio Control firewall software running on a customized appliance that was well-equipped to handle malware threats.
"They didn't want people in the clean room to get on Facebook," said Richard Wall, who creates and maintains networks for Envision Design.
The subscription-based filtering service offers a range of controls, from blocking all social media sites down to preventing banner ads or individual file extensions, even at specific times of the day. In addition, two separate networks enable guests at IBSCO to access the Internet without filters.
The next critical update was installing a biometric, thumbprint-reading time clock integrated with Qqest TimeForce software. The system gathers data and notes exceptions such as absences, an approach in line with aerospace industry standards.
The tech overhaul caused no downtime, and its cost was $5000.
With Kerio Control, IBSCO pays about half of what it used to on security maintenance, a savings of several thousand dollars per year. Routine administrative changes, such as adding an employee or changing Web policies, now only take a few minutes. And Web filtering has helped to boost efficiency while limiting the company's exposure to websites that may contain malware. Finally, IBSCO did indeed land the government contract, having shown it was able to satisfy all the contract's requirements.
Since 1993, Envision Design in Houston has specialized in helping small and midsize businesses with their IT needs. It provides technology budgeting and planning, software and hardware installations and maintenance, and networking analysis and configuration. You can reach Envision Design at 866/966-9406 or at EnvisionDesign.net.
If you're an IT solutions provider serving the small to midsize business market, and you'd like to learn how you can contribute to PCWorld Tech Audit, send mail to email@example.com. We're always looking for more talented pros. Tech Audit is written and produced in cooperation with IT professionals in the field.
Case study submitted by Envision Design. All recommendations and opinions expressed represent the independent judgment of the authors and do not necessarily reflect those of PCWorld or its editorial staff.