Restricting Access to Websites Tells Employees You Don't Trust Them

By: Clay Ostlund
January 29, 2015

Businesses today face a threat that wasn’t even on the radar 20 years ago. The massive expansion of Internet connectivity and access, as well as its vital role in many work settings, has given rise to a number of security concerns and risks.

There are a few technical configurations you can have your IT team set up in order to protect your business – which I will get to at the end of this article. But let’s begin with the more important issue: your people.

Trust Your People

Just a few years ago, the trend within the industry was to restrict access to certain websites – social media sites for example – in order to protect your business from malicious attacks and to keep your employees focused on their priorities. This, however, sends a negative message to the staff that you trust to keep your business operating successfully. By restricting access to websites, you are simultaneously telling them you don’t trust their judgment, while also potentially preventing access to information they may need to do their job. I don’t want to dive too deep into the effects that mistrust (whether it exists, or your employees simply “feel” this way) can have in the work environment, but it is important for the morale and confidence of your employees to know that you trust them and their judgment.  

In addition to trust, restricting access to websites is becoming more difficult in our mobile world. It is easier than ever for people to find work-a-rounds to access the information they desire. For example, smartphones are easily turned into hot spots, which PCs can be connected to, to bypass any restrictions in place on your network.

Today, the best way to protect your information is through a combination of website use policies and technology.

Website Use Policy

 People are the biggest risk in information security, according to FRSecure. And the best way to reduce risks created by people is by providing a policy that details the rules to follow, best practices and boundaries to work within. Within this policy is the perfect place to list restricted websites. Other things commonly included in website use policies include:

  • Guidelines for using business tools for personal use
  • Time when online personal activities are permitted
  • Who employees can/cannot provide access to
  • Rules pertaining to the use of personal devices
  • Activities that aren’t allowed (i.e. gambling)
  • Privacy policies
  • Consequences of violating the policy

Sometimes all of these elements are included in one website use policy, while other businesses break them into individual policies. For example, some organizations may feel it is necessary to have specific policies for social media and BYOD use, while others simply include a section related to these elements in one all-inclusive policy.

Technical Configurations

Technology can be used to enhance protection. Below are three technical configurations your IT team can use to reduce the risk of security threats.

#1: Intrusion Prevention and Detection Systems (IPS/IDS)

Intrusion prevention and detection systems act as a sort of “border patrol.” They can block known malicious sites from communicating with your users and prevent unauthorized devices from insecurely connecting to your network.

#2: Gateway Antivirus and Malware Solutions

 If someone clicks something untrustworthy, gateway antivirus and malware solutions can detect and stop the malicious code from executing. This solution also enables applications to check for viruses, and then prevents access if attachments are corrupt and/or dangerous.

#3: Wireless Network Security

With employees and guests coming and going, it is important to secure your wireless network. Here are a few things FRSecure recommends:

  •          Break your network into segments: Guest vs. Corporate
  •          Secure access with passwords (and change them on a regular basis)
  •          Encrypt your network

 

To learn more about security technology and measures that can be taken to prevent malicious attacks, subscribe to our blog.

Get the latest Leadership updates Subscribe to Jeff's Blog

Topics: Business IT Services