Many organizations choose to filter web content in order to boost their employees’ productivity and protect themselves against security threats. But this practice begs two questions. First, to what online services/web sites do organizations commonly restrict access and why? Second, how effective is this practice in defending organizations against security threats?
To answer this question, Spiceworks interviewed 645 members of its professional network for information technologists. Those respondents worked in organizations based in North America and Europe at the time of the study’s conclusion. They represented a variety of industries including manufacturing, healthcare and finance.
In its report Data snapshot: How web filtering affects workplace security and productivity, Spiceworks observed that more than half (58 percent) of organizations monitor their employees internet activity. An even greater proportion of companies (89 percent) confessed to blocking or limiting the use of one or more online services/sites.
The larger the company, the more likely it was to implement web filtering. 81 percent of small businesses consisting of up to 99 employees admitted to restricting activity. That compares to 92 percent of mid-size organizations employing 100-999 employees and nearly all (96 percent) of enterprises with more than 1,000 employees.
When it came to web filtering itself, organizations mostly restricted access to illegal sites, unethical/inappropriate web domains and online dating platforms at 85 percent, 85 percent and 61 percent, respectively. More than a third filtered social media sites, with companies mostly blocking access to Facebook (36 percent), Snapchat (36 percent) and Instagram (35 percent). Only a quarter blocked video streaming services, music streaming aps and online forums like Reddit and Quora.
Factors for Web Filtering
Organizations that implemented web filtering witnessed some improvements in employees’ productivity. To illustrate, 58 percent of those who didn’t monitor the web estimated that employees spent four hours a week on non-work-related sites, while 26 percent of businesses calculated their employees spent an average of seven hours each week on such sites. Those figures dropped to 43 percent and 18 percent, respectively, for those that did monitor.
In spite of those improvements, boosting productivity was not the chief reason cited by organizations for filtering the web. Security claimed that spot instead. Specifically, 90 percent of enterprises said they used web filtering to prevent and protect against malware infections. Many other businesses said they used it to prevent users from visiting inappropriate websites while at work and discouraging unacceptable user behavior at 84 and 83 percent, respectively. Both of these reasons involve security repercussions. Additionally, two-thirds said they implemented web filtering to avoid legal issues and comply with regulations; slightly less than that (57 percent) used the protective measures to protect corporate data from getting leaked or hacked.
It’s no wonder security topped most organizations’ lists given the fact that 38 percent of them said they experienced one or more security incidents relating to a non-work-related site in the past 12 months. The most common source of these incidents was webmail at 15 percent followed by social media at 11 percent, though just 40 percent of organizations revealed they block webmail and social media. By contrast, 80 percent of enterprises said they block illegal websites or inappropriate sites, with less than 10 percent of data breaches resulting from either vector.
Part of a Larger Security Solution
Peter Tsai, senior technology analyst at Spiceworks, said that the findings above show how web filtering can be effective in mitigating security threats but can’t do everything alone.
Online security threats exist everywhere, and cybercriminals are only getting smarter. While it’s impossible to lock down every potentially dangerous site while still allowing employees to do their jobs, website filtering solutions are an important component in a layered security strategy, even if they aren’t a cure-all solution.
For some tips on how to improve your organization’s layered defense strategy, click here.