webWhen Tim Berners-Lee first conceived of a system of interlinked documents that could be accessed over a world-wide network, nobody could have foreseen what a tangled Web we would weave. Today’s web is an amazing source of information and entertainment. It can be an invaluable resource for workers, helping them to ferret out facts, get step-by-step instructions, and resolve questions in minutes instead of the hours or days the same task might have taken thirty years ago.

However, as with any powerful tool, there’s a down side to putting this capability into the hands of employees who are, after all, subject to the all-too-human tendency to sometimes put pleasure ahead of work. An Internet-connected web browser opens the door to all sorts of temptations and distractions that can wreak havoc on productivity in the workplace.

A “quick check” of a personal email account can result in half an hour lost, reading and replying to messages. A foray over to Twitter to post “just one tweet” can end up with you scrolling through dozens more posted by those you follow, and clicking on links contained in them; before you know it, another thirty minutes is gone. Facebook friends beckon with memes, cats and food photos. Google+ calls to members to come over and hang out.

Social networks aren’t the only time-wasters. Amazon flaunts all those great deals with only one left in stock. News sites shout sensational headlines that are hard to resist. It’s easy to get lost in a maze of funny videos on YouTube. Political junkies can easily become embroiled in time-consuming heated arguments on forums dedicated to their issues of choice. Market watchers are compelled to keep an eye on their favorite stocks. Web-based chats are easier to get away with than personal phone calls. Online games can consume huge chunks of time that should be spent tending to business.

It’s not that workers necessarily set out to spend their days goofing off, but when they’re surrounded by all these enticements, it can be difficult for them to stay on the straight and narrow all the time. And let’s face it: some folks will take it further, and visit sites that can get them – and maybe even the company – in trouble. Gambling sites, “adult” (porn) sites, hacker sites, software piracy sites, hate group sites or those that promote criminal violence or terrorism: employees accessing any of these could create legal ramifications and/or bad publicity and damage to the reputation of the organization. It can also create problems for other employees. Finally, these types of sites often contain viruses and other malware that can infect systems and spread throughout your network.

To protect both the company and its employees, it’s important for orgs to create usage policies to govern web surfing on company time, on company premises, and/or when using company equipment. That’s a first step, but sometimes (okay, often) it’s not enough. Some people self-police but some can’t or won’t. Some people may not understand or remember all of the policies. Sure, you can take disciplinary action but by the time you find out about the violation, the damage may already be done.

The problem was spawned by our modern technology, so a technological enforcement solution makes sense. Instead of expecting users to adhere to the rules on their own, you can make it easier for them (and for you) by deploying a web monitoring and filtering solution. Then, rather than reacting to policy violations, you can proactively prevent them from occurring in the first place.

There are plenty of products out there, but some are better than others. They all start with the same goal: to block attempted access to undesirable web sites. There are different ways to do that, though. A simple blacklist checks each site against a list of known “bad” sites and blocks any that are on the list. A whitelist works in reverse, using a list of known “good” sites and allowing access only to the sites that are on the list. Sites can generally be filtered based on content categories – for example, you could block sites that pertain to alcohol, drugs, dating services and/or games.

These methods are simple and straightforward, but there are problems inherent in them. With a white list, employees’ access to many useful sites is blocked because they haven’t been put on the list. The problem with blacklisting is that you have to wait until someone discovers that a site is undesirable and puts it on the list; otherwise employees will be able to go to it.

Reputation-based filtering goes further, by analyzing many different characteristics of each site and then assigning it a score that reflects the probability of it posing a risk. This gives you more flexibility, so that for example, you can allow access to sites in the “entertainment” category but sites in that category with a low reputation score would be blocked. You might also want to allow access to social network sites such as Facebook, but block the apps and games on the site that are big time sinks and can be used to disseminate malware.

Filtering can also be based on the type of network traffic generated. You might want to allow access to news sites but not the streaming videos that are often available on news sites. Streaming media uses a lot of bandwidth, and may also be more prone to abuse/time-wasting than straight text news stories. It’s even better if you can block specific media applications (for example, iTunes) and control employees’ downloads from the web.

A good web monitoring solution will give you plenty of options, letting you enforce not only content policies but also how much time workers spend on the web and how much bandwidth they use. Of course, it will also provide good reporting, with activity logs that record documentation of usage data. The web may seem a little like the wild, wild west when you consider all the dangers out there, but web monitoring software can act like a new sheriff in town, taking control and bringing order to the digital business environment.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!


Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.