Why Web Filtering Software is Critical for Businesses
Why should you use web filtering software in your company? The internet allows businesses of all sizes to access incredible amounts of knowledge and other helpful resources that are critical for business growth. Surely there’s no need to limit internet access in the workplace, right?
Here’s the thing – while the internet is an amazing tool when used appropriately, it also allows for plenty of undesirable consequences: Malicious hackers exfiltrating sensitive data, underaged persons discovering age-inappropriate content, and lost productivity when employees spend too much of their time on distracting websites.
In this CurrentWare guide, we will cover the most common uses for internet content filters, how websites are blocked, and how you can use CurrentWare’s web filtering software BrowseControl to take back control over the content accessed through your network.
Table of ContentsAbout BrowseControl Web Filtering Software
BrowseControl is a versatile web filtering and content-control software.
With BrowseControl you can…
- Block websites based on URL, content category, and IP address
- Prevent users from launching specific applications
- Block unused network ports to reduce the attack surface of your network
- Assign unique restrictions for each workgroup (computers, users, departments, etc)
What Companies Use Web Filters?
A wide variety of industries and organizations will use web filtering tools to blacklist websites that they consider to be unsafe, unproductive, or otherwise inappropriate for their users to access. The web filtering features of content-control software are used to enforce internet use policies by proactively blocking websites and applications.
Organizations That Commonly Use a Web Filter:
- K-12 Schools, Colleges, And Universities
- Private & Public Businesses
- State And Local Governments
- Healthcare Organizations
- Public Libraries
While the software used for blocking applications and filtering websites by these organizations works the same, the motivations they have for using it will vary. In the following sections, we will break down the most common reasons that schools, libraries, and private businesses use web filtering as part of their operations.
What is a Web Filter?
A web filter (also known as “content control software” or “web content filter”) is an internet access control solution that prevents employees, students, and other end-users from accessing content on the internet. A web filter blocks access to websites based on the URL, domain, IP address, or content category of the website. A web filter will allow or deny access to these sites using an Allow List (whitelist) and/or a Block List (blacklist).
Depending on the web content filtering method used these lists will either:
- Allow access to all websites except for those on the Block List (explicit deny)
- Only allow access to websites that are on the allow list (implicit deny)
- Block all websites within a category except for those that are on the allowed list (e.g. block the Social Media category but add LinkedIn.com to the Allowed List to make an exception)
The most common websites to block are those with content that is offensive, inappropriate, or high-risk. Schools and businesses use web content filtering software to block access to enforce acceptable use policies, prevent their users from accessing certain content, and reducing web security risks by blocking dangerous websites.
Use Cases For Web Filtering
- Bandwidth Management: Bandwidth abuse causes severe latency and network crashes. Organizations will use a bandwidth analyzer to identify the users and websites responsible for the excessive bandwidth usage, later adding them to their internet blacklist to prevent future abuse.
- Network & Endpoint Security: By preventing users from accessing malicious websites that are known to contain malware, an internet filter provides critical security controls for protecting sensitive data
- Productivity Management: Content filters are used to block access to distracting websites and computer applications such as social media sites, computer games, and video streaming services.
- Data Security Compliance: Organizations that are responsible for sensitive data such as personal health information (PHI) will use internet blocking tools to prevent employees from maliciously or negligently leaking data through
unauthorized data management channels such as personal cloud storage accounts. - Blocking Inappropriate Content: Administrators will use web filtering to blacklist content that are considered NSFW or otherwise inappropriate for their users such as porn, grotesque imagery, violence, and profanity. Filters prevent underaged users from accessing adult content and prevent employees from accessing websites that contribute to a hostile work environment.
Web Filtering Example 1 – Joe, Network Administrator
About Joe
As a network administrator, Joe is responsible for maintaining the network infrastructure of his company. Recently there have been complaints of high latency on the network leading to lost VOIP connections and difficulties using the internet.
Before making recommendations to invest in costly upgrades to the existing bandwidth, Joe used BrowseReporter’s bandwidth monitor to identify employees that were using excessive amounts of bandwidth. Thanks to BrowseReporter’s bandwidth usage reports, Joe quickly discovered that several employees were abusing the available bandwidth by streaming movies on Netflix during work hours.
After blocking access to Netflix with BrowseControl web filtering software, Joe reported the inappropriate use of technology to the department manager. After viewing the reports provided by Joe, the department manager agreed to review the company’s Acceptable Use of Technology policy with their team.
Joe’s Content Restriction Policy
- BrowseReporter’s bandwidth usage reports allow Joe to see which users and websites are using excessive amounts of bandwidth.
- Web filtering blacklists are maintained to block high-bandwidth websites such as YouTube, Netflix, and personal cloud storage accounts.
Web Filtering Example 2 – Zayn, Office Manager
About Zayn
Zayn has noticed a serious decline in employee productivity in his office. To cut back on internet-based distractions, he has installed BrowseControl web filtering software on his employee’s computers to block access to unproductive websites during work hours.
Zayn’s Content Restriction Policy
- The web filter is configured to only block unproductive websites during work hours. During designated break periods, employees are allowed to use the internet freely.
- Internet traffic is monitored with BrowseReporter to identify inappropriate web surfing behavior. Frequently abused websites are manually added to the blacklist on BrowseControl.
Web Filtering Example 3 – Tyler, Public Librarian
About Tyler
As part of his CIPA compliance requirements, Tyler uses a web filter to help protect his underaged patrons from accessing age-inappropriate visual content.
As a librarian, Tyler is passionate about ensuring that his patrons have access to the resources they need to perform legitimate research. Because of this, Tyler has ensured that his web content filtering solution is easy-to-use so that everyone on his staff can disable the filters for specific users on request.
Tyler’s Content Restriction Policy
- Tyler uses web filtering software with a category filtering database to easily block any websites that are tagged as being associated with adult-oriented content.
- To protect the freedom of information of his patrons, Tyler has provided library staff with instructions on how to easily disable the web filtering software for certain websites on request.
Web Filtering Example 4 – Sylvie, Healthcare Worker
About Sylvie
Sylvie is the HIPAA Security Officer for her company. She uses strict internet access controls to protect the sensitive personal health information (PHI) of patients against internet-based threats such as malware and unsanctioned cloud storage sites.
Sylvie’s Content Restriction Policy
- Internet access is blocked except for the exact domains needed by her team to perform their roles.
- When new websites need to be accessed, Sylvie adds them to her BrowseControl web filtering allow list.
- All non-essential computer applications are blocked to protect patient data against illicit data exfiltration
How Web Filtering is Used by Schools and Libraries
The use of internet filtering tools is a hot topic in the EdTech space. The key debate surrounding content filtering in schools and libraries is this: are web filters too restrictive?
Schools and libraries are in the tough position of determining how to implement content filtering in a way that balances intellectual freedom with the desire to protect networks against malware while also preventing their underaged internet users from accessing age-inappropriate content.
The Children’s Internet Protection Act (CIPA) vs Intellectual Freedom
In the United States, the Schools and Libraries Program – better known as “E-rate” – requires that these institutions maintain CIPA compliance in order to qualify for discounts on their internet and telecommunication infrastructure.
Under CIPA, schools and libraries are required to implement content filtering technology that is designed to prevent underaged users from viewing inappropriate content on the internet. This has raised concerns that the required CIPA filters conflict with an American citizen’s First Amendment freedoms and the core values of librarianship.
Because schools and libraries that do not implement an internet filter for CIPA compliance are ineligible for highly sought-after discounts on critical internet and telecommunications technology, the use of web filters is naturally highly prevalent. While the intention of CIPA is to block underaged users from viewing inappropriate visual content, there is the potential that an overzealous implementation of filtering technologies will inadvertently block patrons from accessing legitimate research.
The Debate on Internet Filtering in Schools and Libraries:
- Digital Literacy: There are concerns that by filtering internet access, students are not afforded the opportunity to develop their digital literacy skills. While schools and libraries acknowledge the importance of digital literacy, they are typically forced to err on the side of caution by proactively filtering access to harmful material on the internet.
- Intellectual Freedom: As schools and libraries are educational institutions, there is plenty of debate as to whether or not their use of web filtering is a form of censorship that infringes on a citizen’s right to access legitimate research and constitutionally protected speech.
To maintain a balance between ensuring intellectual freedom while simultaneously preventing access to objectionable content, the filtering software used to block internet access in libraries and schools must allow designated staff to easily disable the internet filter for a specific user after a request is made.
How Web Filtering Helps Fight Distractions in the Classroom
To mitigate classroom distractions, schools with one-to-one computing (“1:1”) programs rely on internet filters to ensure that their students are not distracted by technology during class time. Web filtering software allows students to access digital learning materials without unproductive websites and computer applications becoming a hindrance to their learning.
Internet Filtering in Adult Education
Colleges and universities are less concerned about directly blocking access to adult-oriented content on their network as the acceptable use of technology in education is more readily understood and followed by adult learners. K-12 schools are more restrictive with their internet access enforcement as students are still developing their digital literacy skills and are at a higher risk to inappropriately access objectionable content.
While some degree of filtering may be used in adult education institutions to block clearly objectionable content such as pornography, they are typically less restrictive with their internet access policies as they do not want to infringe on the legitimate research needs of their students. Internet filters are instead used as an added layer of protection against web-based cybersecurity risks.
How Web Filtering is Used by Businesses
Businesses typically place a greater emphasis on network and data security as their employees will have a direct connection to the networks that have access to sensitive data, whereas schools typically provide students with a designated network that is separate from the ones used to store and process sensitive data.
Why Businesses Use Content Filtering:
- Employee Productivity: Employers use content restriction software to improve employee productivity and prevent time theft by blocking access to distracting websites and applications such as Facebook and computer games.
- Data Security: To protect sensitive corporate data such as intellectual property (IP) and customer records against internet-based threats, businesses will deploy web filtering software to restrict their endpoints from accessing dangerous websites.
- Work Environment: Workplaces aim to mitigate against the creation of a hostile work environment by blocking access to NSFW websites that can make employees feel unsafe or uncomfortable such as pornography, hateful content, or insensitive jokes.
- Anti-Piracy: Piracy in the workplace poses incredible data security and compliance risks – these platforms can be used to exfiltrate data and can lead to the downloading of files that contain malware. Aside from the cybersecurity risks, employers are often liable for any related litigation and fines associated with the use of unlicensed software in their organization.
Web Filtering & Employee Productivity
“Cyberloafing” is a term used to describe the phenomenon of employees surfing the internet for non-work reasons during paid working hours.
With reports showing that employees can spend as much as 2.5 hours per day on non-work internet activities, an employee making $15 per hour will cost their employer over $73,000 per year in unproductive internet browsing.
Managers that are concerned about time theft caused by excessive unproductive internet use will use web filters to block commonly abused websites such as social media and online gaming sites.
Web Filtering & Preventing Hostile Work Environments
The use of the internet to harass coworkers in the workplace leads to a hostile work environment – this highly inappropriate use of workplace technology causes severe employee disengagement when the harassing behavior is not adequately addressed. While web filtering alone cannot fully prevent employee misconduct, the proactive blocking of inappropriate websites can reduce the opportunities for malicious employees to spread harmful content to their coworkers.
Web Filtering & Anti-Piracy
Web filters that include application blocking features will prevent employees from using peer-to-peer (P2P) file sharing platforms in the workplace by blocking access to the websites and applications that are used to download pirated materials.
Why Piracy In The Workplace Is Dangerous:
- Stolen Software: Organizations such as The Federation Against Software Theft (FAST) and The Software & Information Industry Association (SIIA) work with software companies to prosecute companies that have been found to be using unlicensed software.
- Data Exfiltration: Warez and P2P platforms can lead to incredibly damaging data breaches. These platforms can be used to transmit corporate data to unauthorized parties that may use the data for identity theft or for learning trade secrets.
- Malware Intrusions: Files that are introduced to corporate networks through P2P platforms can lead to intrusions from advanced persistent threats (ATP) after their malware is unknowingly installed alongside the pirated files.
How Web Filtering is Used by Government & Healthcare Organizations
Healthcare organizations and government entities are often subject to strict regulatory requirements that mandate the use of technical safeguards to protect sensitive data in their custody. Internet filters are frequently deployed as an added layer of defense against external threats that can be transmitted through compromised and malicious websites.
Government & Healthcare Data Security Compliance Frameworks:
- HIPAA: Healthcare organizations in the United States are required to maintain compliance with The Health Insurance Portability and Accountability Act. The intention of HIPAA is to establish a security and privacy framework that protects the sensitive personal health information (PHI) of patients.
- PIPEDA: In Canada, all forms of personal data are protected by The Personal Information Protection and Electronic Documents Act. PIPEDA serves as a federal framework that Canadian provinces can use to create their own substantially similar data security and privacy frameworks.
As government and healthcare organizations need to access a large quantity of sensitive data as part of providing critical services, they are often targeted for ransomware attacks. Ransomware is a type of malware that is used by cybercriminals to maliciously encrypt data on the victim’s system until they pay their attacker a ransom in the form of cryptocurrency.
Ransomware attacks have become increasingly common as members of malicious hacker networks increasingly supply would-be attackers with “Ransomware as a Service) (RaaS) platforms that allow them to easily execute ransomware attacks without needing to develop and execute their own programs. Web filtering helps fight against ransomware attacks by proactively blocking websites that are used to execute ‘drive-by downloads’ that infect a user’s machine with the ransomware software without their knowledge.
Content filtering software that can block Windows applications also protects against unauthorized computer programs (“Shadow IT”). Shadow IT programs can be a critical data security risk as they aren’t properly monitored and managed by the corporate IT department and employees can potentially be sharing confidential files through them.
How Websites Are Identified For Filtering
There are well over 1 billion sites currently on the world wide web, and approximately 380 new websites are created every minute! With such a massive influx of information, how can web filtering keep up?
Manually Configured Blacklists & Whitelists For Internet Pages
The two core components of identifying the websites that will be managed by your internet filtering software are its whitelists and blacklists.
Whitelist: A whitelist (aka an allowed list) is a list of the websites (domains), URLs, and ports that you would specifically like to allow on your network. Whitelisting is typically used in a deny-by-default approach when administrators would like to block access to the entire internet except for the websites on the whitelist.
Blacklist: A blacklist (aka a blocked list) is a list of the websites (domains), URLs, and ports that you would specifically like to block from your network. Manual blacklisting-only approaches are typically used when administrators want to allow access to the majority of the internet with a few exceptions.
URL Filtering vs Domain Filtering
Before manually configuring whitelists and blacklists, it helps to know the difference between a domain and a URL as they can be used in unique ways to further refine your internet filtering configuration.
- Domain & Wildcard Filtering: The domain is the name of the website (e.g. CurrentWare.com). By default, BrowseControl uses wildcard filtering to block all of the web pages that are a part of your blacklisted domains. For example, if you place the CurrentWare.com domain on your BrowseControl blacklist (but why would you?) it will simultaneously block CurrentWare.com/support and every other page that is on CurrentWare.com.
- URL: This is the acronym for “Universal Resource Locator”. URL filtering is more specific than domain filtering as it uses an exact web address to identify a specific webpage (e.g. CurrentWare.com/Support). If you would like to allow users to access a domain except for specific webpages (or vice-versa), you can place the URLs of the specific pages you want to allow or block into your whitelist or blacklist.
URL filtering is best used to make unique refinements to an existing whitelist or blacklist. For example, if you are using BrowseControl’s Category Filtering feature to blacklist domains that pertain to specific categories you can make an exception for a specific URL by adding it to your whitelist.
Category Filtering
Because of the substantial amount of websites on the web today, manually blacklisting websites simply isn’t enough to keep up. Internet filtering software with a category filtering database is designed to help network administrators manage their desired content restrictions more efficiently by allowing them to seamlessly block or allow millions of websites across hundreds of predefined categories in just a few clicks.
Category filtering is incredibly useful for blocking websites based on specific intents such as increasing productivity, preventing access to obscene content, and blocking access to websites that are known to be compromised by malware.
How to Use Category Filtering:
- Increase Productivity: Social media and humor sites distracting your employees? Those categories are pre-defined along with hundreds of other categories that may be inappropriate for the workplace.
- CIPA Filter: Want to prevent access to inappropriate visual content to meet CIPA compliance? By blacklisting all of the categories that are adult-oriented or otherwise not considered safe for underaged users you can easily block objectionable content.
- Malware Prevention: Category filtering databases that include blacklists for websites that are known to be risky are excellent for providing a critical layer of security against web-based threats. Websites that belong in categories such as Warez, Virus Infected, Phishing, and Spam can be easily blocked with a category filtering database.
Port Filtering
Port filtering blocks internet access using dedicated network port numbers that are standardized by the Internet Assigned Numbers Authority (IANA). Using port filtering, you can block access to network ports that are used for specific functions such as File Transfer Protocol (FTP), torrenting, and proxies.
Keyword Filtering
While some web content filtering technologies use keywords to identify potentially objectionable content, a keyword filtering approach often leads to false positives. This unintentional over filtering of content based on keywords is known as the Scunthorpe problem; with keyword filtering in place any web pages related to Scunthorpe – an industrial town in Lincolnshire, England – will be wrongfully filtered.
How to Use Web Filtering Software In Your Company
This next section covers the general steps you can take to use a web filter in your company. If you would like personalized guidance and advice on how to use CurrentWare’s content control software BrowseControl to implement the best internet filtering for your organization, our expert technical support team is here to help.
1) Features to Consider When Buying Internet Filtering Software
Web and application filtering solutions are capable of much more than simply blocking websites and applications – the best internet filters come with a variety of features designed to provide you with the exact content filtering configuration needed to manage your network.
Features Included in the Best Internet Filtering Software:
- Bespoke Restrictions: Do you want to customize your content restrictions based on users and devices, or will you be using a catch-all strategy that blocks everything exactly the same throughout the entire network?
- Blacklists and Whitelists: Do you know the exact websites you want to allow/block, or will you benefit from having access to a database that can seamlessly manage millions of websites across hundreds of predefined categories?
- Ease of Use: Who will need to manage your web filter? Is the software intuitive enough for all of your trusted staff members to modify content restrictions or will modifications need to be escalated to your IT department?
- Content Control: Will you only be managing internet use, or will applications need to be considered? With some desktop applications having integrated internet browsers your users may discover new methods for bypassing your content restrictions. Unmanaged applications are often capable of exfiltrating sensitive data, leading to seriously damaging data breaches.
- When to Filter: Are there designated periods (lunch breaks, recesses, etc) where internet access restrictions should be modified? If so, your filtering software should come with features for automating adjustments based on these occasions.
- Local or Cloud: Should your solution be maintained on-site for full control over your data, or are you comfortable sharing data with a cloud-hosted service? Depending on your data security needs you may desire greater control over corporate data.
- Remote Workers: If you have employees that work from outside of the office, your web filter needs to be capable of providing them with the same level of network and endpoint security as your in-house employees. All of the software solutions in the CurrentWare suite allow for remote workforce management through a variety of methods such as operating through an enterprise VPN connection, port forwarding, customer-managed cloud deployments, and through its integrated offsite mode.
Internet Filtering vs Internet Monitoring
As part of your internet management strategy, you can use internet monitoring in tandem with internet filtering. We’ve written a detailed overview of the different use-cases for internet filtering and monitoring in the past if you’d like to read more.
For the best results, many CurrentWare customers opt to use both methods to create a robust internet usage management ecosystem that addresses their policy enforcement needs while also providing valuable insights into how their workforce uses their organization’s assets.
Boston Centerless has made great use of CurrentWare’s internet usage management software by combining internet monitoring with web filtering. They use BrowseReporter’s internet and application monitoring features to regulate the browsing habits of their employees and they use BrowseControl’s web filter to block access to websites that BrowseReporter has indicated as being commonly abused.
2) Tips For Creating Blacklists In Your Web Filter
User context is important. What is considered an inappropriate website for one user may be required by another user to perform their work. Blocking social media is great for reducing distractions in the workplace, but if you block your marketing and public relations staff from accessing your organization’s social media accounts they cannot perform that part of their role.
With the wide variety of users connecting to your network, your web filter needs to include granular customizations for your blacklists. With BrowseControl you can configure unique software-enforced policies for each of your devices, departments, and users based on their exact content filtering needs.
3) How to Deploy Web Filtering Software Agents
If you have dozens, hundreds, or thousands of users to manage, manually installing the software agents for your web filtering solution will be a tedious task. CurrentWare supports advanced deployment methods for BrowseControl and the other solutions in the CurrentWare suite, allowing you to easily perform a remote client install for all of your users from the convenience of a centralized console.
Currentware Products Can Be Deployed in a Variety Of Ways:
- Active Directory with a Batch or .MSI File via Windows Group Policy
- Command Line Installation
- Remote Client Installation
- Standalone Installation
- SQL Server or Firebird Database Installation
- Local Installation
Conclusion
Web filtering is an excellent tool for enhancing endpoint security, managing productivity, and preventing users from accessing inappropriate content. If you would like to start using content-control software to manage internet and application use in your organization, reach out to the CurrentWare team today and we will give you a FREE trial of BrowseControl so you can see the power of content filtering first-hand.
If web filtering is part of your cybersecurity plan, you will get the best value by purchasing the entire CurrentWare suite. CurrentWare’s software suite includes solutions for USB device control, advanced computer power management, internet filtering, and computer monitoring.
All of CurrentWare’s solutions operate from a centralized console, making web filtering and device control policy management for all your users a breeze.