Businesses have numerous reasons to block inappropriate web content, some more obvious than others. What looks harmless to a user might be an advanced persistent threat used to steal intellectual property and sensitive customer data. Allowing employees unrestricted internet access can result in a significant drain on productivity as well. Due to risks in data protection, businesses must take steps to control web access. This post explores some of the key benefits of using a web filter to limit internet access in the workplace and some potential problems caused by using content control software.

The Problem of Personal Internet Use at Work

Internet activity will inevitably interfere with some business productivity, but revenue loss from lower productivity is only one risk. Users can download torrent software without internet restrictions and host illegal content on the corporate network. If caught, the company can face copyright infringement lawsuits.

Movies and songs require network storage space. Users downloading content to the local network could exhaust terabytes of storage capacity, which is expensive for the corporation. It’s not uncommon for administrators to restrict storage capacity based on user permissions, but this strategy can add unnecessary limitations on users needing large storage capacity. Managing storage usage can be an unnecessary overhead for IT staff.

Games and online gambling are another threat to business productivity. Some employees spend a considerable percentage of their working day on personal internet use, playing games, or accessing social media accounts. If every employee in an organization were to spend an hour a day on personal internet use, the productivity losses would be considerable. A company with 100 employees would lose 100 hours a day – A loss of 26,100 working hours a year, which can lead to millions in productivity loss – and many employees spend much longer each day on personal internet use.

The Danger of Malware and Ransomware Downloads

If employees access social media websites, download files, or visit questionable websites, the risk of malware or ransomware downloads increases significantly. Many of these downloads start with an email message, so having email filters also helps reduce the risk of a compromise from malware.

Exploit kits probe for vulnerabilities in browsers and plugins, which are then exploited to silently download malware. Traffic is usually directed to these websites through malicious adverts—malvertising—although hacked websites can also be risky. Users unaware of malicious redirects or unable to identify red flags could interact with a compromised site.

Certain websites carry a high risk of hosting malware. Allowing employees to access these sites, many of which are unsuitable for work could easily result in malware or ransomware downloads. Online gambling, piracy sites, and pornography sites are all high-risk malware hosts.

Pornographic content is often used as a lure to spread malware, and many disreputable adult sites focus on distributing malware to visitors or harvesting credit card information. Blocking these adult sites helps improve productivity, avoid legal issues, and reduce the risk of malware.

One of the riskiest online activities is using torrent sites and P2P file-sharing networks. There are few—if any—controls over the content shared via torrent sites. Pirated music and video files are often seeded with malware, spyware, and adware. Illegal software downloads are incredibly risky, as malware is often bundled in the executable files used to install the software or in the accompanying keygen (software critical registration generation executables) tools that generate product keys to allow the software to be used.

A malware or ransomware attack often results in costly consequences. Many companies have experienced ransomware attacks –either from a compromise or blocking them with intrusion prevention systems- resulting in systems being taken out of action for several days or weeks, causing massive productivity losses as business systems no longer function. A ransomware attack can result in an entire network being taken out of commission, as was the case with the WannaCry attacks in 2017. The NHS in the UK suffered significant disruption because of installing WannaCry ransomware malware. In the aftermath, it costs NHS £92 million. The NotPetya wiper malware campaign conducted soon after caused widespread damage. The shipping firm Maersk was affected, and the clean-up bill is estimated at $300 million.

A web filter will not prevent all malware and ransomware attacks but can stop employees from downloading common threats. Web filtering solutions can be configured to block the downloading of certain file types and websites known to contain malware or exploit kits. Attempting a malicious domain will direct a user to a block screen. Many businesses restrict internet access at work primarily to protect against malware and ransomware downloads.

Additional Protection Against Phishing Attacks

Phishing is the number one cyber threat for businesses. It’s estimated that over 90% of cyberattacks start with phishing emails. One of the best protections against phishing is a spam filtering solution, which will prevent most malicious messages from being delivered to user inboxes. No spam filter is 100% effective, so some malicious messages should be expected to bypass spam filters and be inboxed. Employees can be trained on identifying phishing emails and taught cybersecurity best practices that will reduce interaction with phishing messages. Some employees will click on a malicious link even with the best security training. Web content filters block the site from loading, stopping the user from completing the phishing transaction.

When a user is directed to a website and discloses their login credentials, an attacker can access their email account and sensitive data. The compromised account can also send further phishing emails to other employees, customers, and business contacts. It is common for a single response to a phishing email to result in several email accounts being compromised.

Phishing attacks are some of the costliest cyberattacks to resolve. Each email in a compromised account must be checked for personally identifiable information (PII) and other sensitive data. Manually checking thousands of emails can take weeks and cost hundreds of thousands of dollars.

A web filter is an additional layer of security that helps organizations improve their defenses against phishing by providing time-of-click protection and blocking attempts to visit malicious websites. When an employee clicks a link to a website identified in phishing campaigns, the user will be directed to a block screen. TitanHQ’s web filtering solution, WebTitan, blocks user attempts to access around 60 million malicious websites weekly.

Preventing Inappropriate Web Content from Being Accessed

While most employees do not use the internet to access illegal content, one employee downloading malicious content is all it takes for a compromised network. The problem of accessing pornography at work is a real issue and could be much worse than you think.

In 2018, the lifestyle magazine SugarCookie took a survey to find out how many people browse porn at work. The survey found that 60% of people browsed pornography from work-related devices. Another 2020 survey by Kaspersky found that more than 50% of remote workers browsed adult content from work devices.

Not only is accessing pornography at work a significant drain on productivity, but it can also lead to the development of a hostile working environment. Pornography can be used to harass and degrade employees, especially women. Employees can take legal action against their employers over the failure to implement content controls in the workplace and prevent pornography from being accessed by coworkers.

Many businesses feel the best way to tackle the problem of pornography access in the workplace is by placing traffic monitoring on the network. When individuals are discovered to be abusing the internet, action can be taken against individuals without having to restrict internet access at work for everyone. This does not always prove effective. When pornography use at work is discovered, employees usually face instant dismissal. That carries a cost to the HR department and productivity losses while new employees are hired and trained.

The easiest solution is to use a web filter to restrict internet access at work. A web filter can block access to specific websites or categories of website content, such as pornographic sites, and enforce acceptable usage policies. This is one of the most common reasons businesses restrict internet access at work.

Problems with Using a Web Filter to Restrict Internet Access at Work

A web filter may seem like a quick and easy solution to solve the above issues, but it should be noted that companies restricting internet access at work with web filters must deal with a few challenges. Restricting internet access at work using an appliance-based web filtering solution can result in latency. Each website must be inspected before it is accessed, which delays the loading of websites. For secure (HTTPS) sites, each webpage must be decrypted, inspected, and re-encrypted. This places a considerable strain on resources. As more sites switch to HTTPS, the latency problem becomes a real issue.

The solution is to use a DNS-based filtering solution. With DNS filtering, all filtering occurs in the cloud. Latency is reduced in cloud-based lookups, but organizations also have other benefits. Cloud-based web filters are more flexible and scalable and do not require provisioning and deploying additional hardware, making them cost-saving for businesses.

When web filters are used to restrict internet access at work and lack highly granular controls, it’s possible that administrators could block legitimate traffic. Websites that need access for work may also be blocked, requiring the IT support team to spend time allowing sites. The solution is to choose a web filter with integrated granular controls, which allows content to be blocked without blocking websites that need access for work purposes.

DNS-based content filtering with WebTitan blocks user browsers from loading a malicious page so that administrators don’t need to rely on antivirus to catch malware downloads

Should Companies Restrict Internet Access?

While content control software may seem ideal to prevent employees from distractions, care must be taken to avoid blocking legitimate web requests. If you restrict internet access at work, employees who only access the occasional personal site may be unhappy with the new restrictions. Administrators must balance web restrictions with allowable usage for even entertainment sites. For example, allowing local restaurant searches is probably harmless compared to searching for online gambling sites.

How to Control Internet Usage in Office and Avoid Staff Problems

One of the easiest ways to improve productivity while controlling internet access is to use a web filtering solution that allows time-based filtering controls. Employers can use this feature to restrict internet access at work during busy times and relax controls at others. For example, lunchtime enables web requests for restaurants and entertainment but throttles access during more busy business hours. With WebTitan, administrators can set standard controls during busy times such as mornings and relax controls during breaks or outside office hours.

How Can I Block Internet Access on an Employee’s Computer?

Technology infrastructure provides several ways to block internet access on an employee’s computer. If you want to block internet access entirely for a specific employee, be that a temporary or permanent block, you can use your existing network hardware or a firewall rule to block a particular IP address.

A web filter allows much more granular controls, such as blocking specific websites or categories of websites for a particular employee or group of employees. This option is much easier and less time-consuming if you need to block internet access – or implement partial blocks – for more than one employee. With a cloud-based web filter, these controls can be applied quickly and easily through a web portal that the administrator can access from any computer.

How to Limit Employee Internet Access Selectively

Many businesses want to know how to restrict internet access for employees without totally blocking access to the internet. With WebTitan, administrators can limit employee internet access selectively. Different controls can be set for other employees or groups of employees. If you have sales staff, you may want to do as much as possible to ensure they are always on the phone, and internet controls may need to be more restrictive. The marketing department may require much more lax controls since they will be required to access a broader range of websites for work. Since the filter integrates with LDAP and Active Directory (AD), setting controls for different users and user groups is simple. Through LDAP and AD, you can implement organization-wide controls (e.g., adult content), department controls (social media), and individual control.

Speak to TitanHQ About Controlling Internet Access In the Workplace

Internet content control is quick, easy, and cost-effective with WebTitan. The solution allows you to easily restrict internet access at work and avoid problems associated with web filtering. If you want to curb personal internet use at work and improve your organization’s security posture, contact TitanHQ today for advice. You can also sign up for a free trial and evaluate WebTitan in your environment before committing to a purchase. You can schedule a product demonstration to see WebTitan in action.

Get Started with TitanHQ's Web Filtering Solution.