The dark side of the Web

Effective management of the content which employees are able to access in the workplace directly affects two important factors for corporate success: productivity and company image.

Establishing effective e-mail and browsing content filters is necessary in companies of all sizes.

Failure to manage the use of the Internet, which is a critical business resource for most companies, can have significant adverse effects. It is an accepted fact that the Internet is littered with profanity, obscenity and offensive content; companies which seek to present themselves as respectable organisations that observe the law and promote good moral values do not wish to be associated with this side of the Web.

Even if employees are not visiting such sites or sending overtly offensive e-mail, one of the major issues with the Internet is that it can be an enormous time-waster. Surfing the Net for news, recreational reading or simply for fun kills productivity.

It is important for companies to realise that employees are the first line of defence as far as security is concerned.

Karel Rode, business technologist at Computer Associates Africa

Effective content filtering should be a two-phase strategy. Most Internet service providers will offer a basic service to eliminate obvious spam or inappropriate content. However, while inexpensive, these systems are generally neither context-sensitive nor customisable to meet specific business needs. Such a system is of particular value to smaller companies that would seek to optimise bandwidth usage - as an estimation of 30%-80% of Internet traffic is spurious.

An additional layer of filtering should be implemented on-site. Available solutions are not particularly costly, and offer a high level of customisability as well as automation. While the initial configuration may take some time - and would also require the services of an expert - content filters can deliver considerable value in terms of helping to manage the company image, while limiting the opportunities for employees to waste time online.

Managers need to select solutions that offer a high degree of granularity, which will allow them to be closely matched to organisational policy. Establishing the policy is the first step - have this ready before you look for a content scanner and the necessary expertise.

Choice of product is not as important as the configuration; as such, whatever filtering solution is selected should deliver a high level of granularity. It should also offer a high level of automation to 'kick off' processes for dealing with exceptions; this becomes exponentially important as the number of employees increases, as the potential administrative overload could be crippling.

However, having mentioned the above, it is important for companies to realise that employees are the first line of defence as far as security is concerned. It is therefore important for any content security campaign to cover social engineering, which emphasises the need for users to be educated as to what they can and can't do on their machines. Users, across all levels within the organisations, should strive to be aware of all of the security implications of their actions inclusive of reputation damages.

A looming threat that most employees are ignorant of is that posed by memory sticks. Due to their ease of use, low cost and mass adoption, memory sticks are beginning to impose an increased threat to network security. An unsuspecting user can comprise security by simply inserting a USB stick with a file that originated from outside the corporate network. A simple example of this would be a user uploading an infected music file, downloaded from a peer-to-peer network.

This phenomenon is taking us back to the days of the floppy drives, when network computers were not that commonplace and viruses were only able to spread through the sharing of floppies. The risk associated with memory sticks is not on the security radar yet, but it will be soon.

With the apparent increase in cyber crime, it is now more than ever advisable to review the content filtering solution on a regular basis - with the assistance of a professional - to ensure that it is performing its tasks of managing the company image and limiting productivity losses without hindering business performance.