Perimeter 6min de Leitura - 25 de August de 2020

Blocking sites: Learn when and how to apply access controls to your business

Macbook e notebook lado a lado

This post is also available in: Português English Español

Controlling access to the internet during working hours is an increasingly common reality in companies, and in a way, increasingly necessary. This subject is widely discussed by researchers and companies, given the impact on business.

It is worth mentioning that the control of the use of Internet is obviously directed to content (websites / applications), which can generate distractions and are not associated with the main activity of the collaborator.

To understand more about the profile of Internet use in Brazilian companies, OSTECand NEOTRIAD, developed a research with approximately 350 professionals, seeking to identify characteristics associated to the use of the Internet. The research was segmented into two distinct profiles, according to the position the person occupied in the company: managers and other collaborators.

One of the questions made by the research asked how it would be a day without internet in the company. As a result, 48.6% of the managers reported that it would be very bad, and the percentage of response to the second profile, formed by the other types of collaborators of the company, was even greater 59.2%.

Still on the research, other interesting data surfaced, such as the fact that 44.6% of employees reported that internet access in the company is limited and controlled, however, the survey also reports that 63.3% of them use alternative means to access the internet during working hours (3G and 4G mobile access). Among the most accessed sites are social networks 46.4%, You Tube 30%, news channels 63.7 and instant communicators 50.3%.

The popularization of social networks, messaging services like WhatsApp and Skype, and the internet as a whole, are inexhaustible sources of distraction. In addition, the use of personal smartphones during the execution of professional activities, contributes to the dispersion during the accomplishment of tasks along productive hours.

After initial contextualization, it becomes easier to assimilate everything behind the decision to block websites in corporate environments. This blog post will bring some reflections on the theme and alternatives to the different reality found in companies.

Initial reflection on the theme of blocking websites

First, it is important to demystify a point, little considered by companies. When the subject blocking websitesis put in discussion, it is common that many people associate the theme with restriction of access to social networks, YouTube and instant communicators. In fact, these are sites that can interfere with employee productivity; causing losses for companies, however, before proceeding with the application of control rules, evaluate the specificities of the business and team profile to avoid unnecessary inconveniences.

Do not forget to make efforts to avoid access to content that is highly harmful to the corporate environment, such as pornography, xenophobia, homophobia, which must be restricted, irrespective of any other associated variable to business.

Therefore, it is very important that the rules of access to the corporate internet also contemplate these contents and not only those that can affect employees’ productivity, although these contents also reflect in this sense.

Establishment of internet usage policy

The Internet use policy is a document that consolidates all the guidelines related to the use of the resource in the company. This document should involve managers and employees so that the interests of both are respected as far as possible.

In the construction phase of the policy, the company must take into account the characteristics of the business, establishing access profiles, according to the reality of sectors or hierarchical levels, as defined by the teams involved.

If you are interested in deepening in the subject, keep reading the blog post Internet use policy, know the essential topics.

The Internet use policy is the document that will guide the configuration of the access rules in the security solutiondefined by the company, also ensuring that everything that cannot be controlled with the application of technology is formalized before the collaborators.

The role of the security solution in the control of Internet access

As previously mentioned, after defining the Internet use policy, it is necessary for the company to choose a solution that enables the implementation of the guidelines that were previously documented.

Prioritize products that bring you ease to establish, in an efficient way, the rules of access. In the market, there are several web proxy, solutions with different characteristics or options for unified solutions, such as UTM Firewall, which can also provide other security alternatives for the company, as well as control of access to websites.

To deepen this subject we suggest reading the blog postHow to build a highly effective policyand Content management, creating visibility for managers.

Visibility on internet usage

After defining the internet usage policy and choosing the solution that will allow it to be put in practice in the company, it is indicated that some steps are followed to obtain better results.

Before applying any type of restriction to the use of the Internet, configure the security solution for a period of at least 30 days, in order to create a visibility on the use of the internet. During this period, all Internet traffic will go through the security solution, generating logs for later analysis.

The data in the reports will serve as a subsidy to reevaluate the internet usage policy and proceed with changes, if necessary. It is primordial the period when the visibility on the use of the internet is generated, since it can reveal situations not foreseen initially in the policy.

To facilitate the analysis process, it is recommended that the security solution have the content filter feature. The categorization of contentswill facilitate the analysis phase of accesses and later, configuration of rules.

Segmenting the accesses

After creating visibility into the use of the internet by deploying the security solution, you are able to put into practice the guidelines set out in the policy.

It is worth mention that the segmentation of corporate accesses is of great value, in order to meet specific needs of sectors and collaborators. However, avoid excessive personalization of access, so that the control structure is easy to understand and maintain.

Strive to raise the needs of the company’s sectors and employees, and review this organization whenever necessary. Remember to involve multidisciplinary team in the design and re-evaluation phases of the guidelines.

In addition, regarding guidelines, assess whether your business segment is regulated by a specific RFP, if so, use the guidelines to guide internet access policies.

Another very relevant detail about the segmentation of accesses is associated with the beneficiation of users who are part of the company’s management body. Do not be tempted to grant privileges to users, regardless of the position occupied in the company. Access rules, especially those with a security focus, should in no case be made more flexible.

 Configuring access rules

The access rules, to be configured in the security solution, should follow punctually the guidelines formalized in the Internet access policy. Remembering that the access policy can be of permissive or restrictive type, according to the needs of each business. Permissive policies, by default, consider that all internet websites have free access, and you have to create access lists, inserting the url of websites that should have access blocked or controlled.

Restrictive policies work in the reverse format, in which case all websites have restricted access by default, and you must create access lists, with websites that must be released to users or groups of users, as provided in the usage policy guidelines from Internet.

Remember that you also have the possibility to create rules to release or blocking websitesby time, allowing users at some times of the day to access content such as social networks, news websites, among others.

When configuring Internet usage management rules, it will be possible to highlight the benefits associated with using a solution that includes the content categorization module, or content filter. This feature enables you to work directly with categories, containing thousands of previously organized sites, instead of building access lists containing the websites that should be blocked or released.

By following these basic steps, you can have visibility and manage the use of the internet in your company, reducing negative impacts and ensuring the good use of the internet resource. Blocking websitesor releasing them is a decision that involves analyzing from different perspectives, so bring this discussion to the agenda of corporate meetings and start the movement in your company. If you are interested in knowing a little more about this subject, take the opportunity and talk to one of our specialists.

This post is also available in: Português English Español