One of the questions we're hearing more and more from our small business clients is how to get control over out-of-control web usage in the office. So much business is conducted on-line that employees need to be connected to the Internet, but in some cases, things can get out of control when some employees spend too much work time on personal web usage such as shopping, Facebook, or going to sites they're not supposed to. If web usage can't be controlled through other management techniques, or if your business has compliance requirements, it's time to think about content filtering for your site.
In some cases the concern is illegal, inappropriate, or harmful web content, and in other cases it's a matter of employee performance, and limiting personal distractions. Another big problem is that if too many users are accessing music or video sites, your network can slow down to a crawl. If your business faces some or all of these problems, content filtering is the solution.
How does it work? With content filtering, web traffic is managed by allowing or denying access to particular sites or categories of sites, with individual or group controls and time-of-day control. We typically recommend SonicWall solutions, but in general these solutions work by consulting a comprehensive database of millions of web sites to define usage policies. Examples of categories you can block include pornography, drugs, criminal and illegal skills, gambling, and hate sites. You can also block other specific sites that are productivity distractions. When users try to access web sites, their access is determined by the rules set up in the router. This is a simple way to centrally manage web site usage in your business.
Typically some adjustments are required to make things run smoothly (we see a lot of cases where access to necessary sites is inadvertently blocked at first), but in general, implementing a technology solution makes things clear for employees, and centralized technology makes it easy to manage. We strongly recommend carefully thinking through your company policy ahead of time, so the technology fits your business environment.
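A small model of the policy evaluation described above, added here as an illustration and not SonicWall's implementation: the category database, group names and policy fields are all constructed. It shows category lookup on domain boundaries, group and time-of-day rules, and an allowlist for necessary sites that a category rule would otherwise block.

```python
from datetime import time

# Constructed stand-in for the vendor's category database (domain -> category).
CATEGORY_DB = {
    "facebook.com": "social",
    "poker.example": "gambling",
    "videos.example": "streaming",
}

# Hypothetical base policy: some categories are always blocked, others only
# during work hours; "allow" lists sites a group needs despite their category.
BASE = {
    "blocked": {"gambling"},
    "work_hours_blocked": {"social", "streaming"},
    "work_hours": (time(9, 0), time(17, 0)),
    "allow": set(),
}
POLICIES = {
    "staff": BASE,
    # Marketing manages the company page, so facebook.com is allowlisted.
    "marketing": {**BASE, "allow": {"facebook.com"}},
}


def categorize(host):
    """Match the host or any parent domain, on label boundaries only."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_DB:
            return candidate, CATEGORY_DB[candidate]
    return None, "uncategorized"


def decide(group, host, now):
    """Return (verdict, reason) for a request from `group` at time `now`."""
    policy = POLICIES[group]
    site, category = categorize(host)
    if site in policy["allow"]:          # explicit exceptions win first
        return "allow", "allowlisted"
    if category in policy["blocked"]:    # blocked at any hour
        return "block", category
    start, end = policy["work_hours"]
    if category in policy["work_hours_blocked"] and start <= now < end:
        return "block", category
    return "allow", category


if __name__ == "__main__":
    for group, host, at in [("staff", "www.facebook.com", time(10, 30)),
                            ("marketing", "www.facebook.com", time(10, 30)),
                            ("staff", "notfacebook.com", time(10, 30))]:
        print(group, host, at, decide(group, host, at))
```

Logging the reason with each verdict is what makes the early tuning period manageable: a blocked request that turns out to be business-critical can be traced to the category that caught it and moved to the allowlist.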
One of the strong recommendations we're making to our small business clients is to invest in gateway security to protect the perimeter of their network. Everyone these days knows how important anti-virus and anti-spyware protection are at the desktop, but far too often, small businesses only have a basic router protecting the entry to their network. With more sophisticated security threats cropping up daily, this level of protection just simply isn't enough.
While point solutions protect the individual computers locally, without gateway security, it's a bit like leaving the front door to your office unlocked. With gateway security, every bit of information entering and leaving your network is inspected against a constantly updated set of signatures for known viruses, spyware, trojans, worms, and other threats.
In July, the Wall Street Journal ran an eye-opening article, "Hackers shift attacks to small firms". In the article, the author reports that in 2010, the U.S. Secret Service and Verizon Communications forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers. The big companies make the headlines, but smaller firms are definitely a target.
If your small business is still running on a consumer class router, it's time to start planning an extra layer of protection for the perimeter of your network.
It seems there's always a new computer threat to watch out for, and the most recent breach in the news is really scary. A Dutch Certificate Authority (CA), DigiNotar, was recently hacked, and as a result fake SSL security certificates were issued. This is the Internet equivalent of impersonating a police officer. We're all taught to be careful on the web and to look for an https (Hypertext Transfer Protocol Secure) connection so we know we're safe when transmitting data. But when the certificate itself is fake, we can easily be fooled.
With a fake SSL certificate, you're vulnerable to what's known as man-in-the-middle (MITM) attacks. You think you have a secure connection when logging on to Google mail, your bank, or other sites, but because the certificate itself is fake, all your transmissions can be intercepted. We rely on SSL encryption to scramble our communications, but in this case, it's wide open to the hackers.
Microsoft effectively activated a "kill switch" yesterday to ban all use of DigiNotar certificates. If you haven't updated your system with Microsoft updates, do it now. The reference Knowledge Base article is KB2607712 - http://support.microsoft.com/kb/2607712. All the major browsers have blocked DigiNotar certificates. When the trusted authorities can no longer be trusted, who can you trust? Stay alert!