Limiting Internet Browsing through Content Control
Many businesses are choosing to limit internet browsing by its employees, as browsing can serve as a distraction and impact productivity. However, there is yet another reason to implement content control on your network: viruses are now commonly propagated via a method called Drive-By Downloads, which utilize known vulnerabilities in outdated versions of Flash, Java, ActiveX and your browser itself.
Cryptowall Has Been Propagated via Drive-By Download
Readers of our blog are already familiar with how Cryptowall leverages outdated software to circumvent security software, without prompting the user that anything is being installed. Cryptowall is particularly menacing, as it encrypts your entire PC and mapped network drives, and requires a ransom to be paid in order to get the files back. Other virus programmers are following suit. Specific vulnerabilities of older versions of software are published in the public domain, putting a target on users with outdated software.
According to PC World Magazine, up to 40% of PC users have outdated versions of high-risk software such as Flash, Java, and Reader. We’ve made the case before of putting a fully functional Patch Management plan in place for keeping all of these software’s up to date. However, new versions come out fairly regularly to fix newly discovered security flaws. Patch Management, therefore, may not be enough to fully protect your network.
How to Limit Internet Browsing
There are many ways to limit internet browsing. Internet Explorer, Firefox and Chrome all have features and plug-ins that can keep your PCs off of certain sites. However, these protections can easily be removed by the user, making them ineffective and difficult to manage.
Luckily, most business class antivirus solutions come with a Content Control component. At dmi Networking, we use BitDefender, which can provide content control which can’t be circumvented, and it works across all of your browsers. Categories such as social media, shopping, blogs, and more can be put on the “blacklist” or the “whitelist”. Additionally, specific sites can be allowed or disallowed, providing fully customizable limits on internet browsing.
Another great tool for limiting internet browsing is deploying a hardware firewall, such as a Sonicwall. While this can represent a recurring cost due to subscription needs, it does have the added benefit of full monitoring of each user’s internet activity. A Sonicwall or other hardware firewall is recommended for dental practices and businesses with 15-20 employees. The firewall actively scans all data coming in and out of the network, making your network as secure as it can be.
Trusted Websites Have Already Been Compromised
When drive-by downloads and malvertisements hit the scene, trusted high-traffic websites had become infected. These trusted sites include Aol, Yahoo, and Match among others. Because of the pervasiveness of this form of attack, it is not enough to have high-level, trusted employees with strict browsing habits to fully protect your systems. Anyone can fall victim to this method of attack, even when practicing the best browsing habits.
Business PCs are for Business Usage
Regardless of the culture in your office and the trustworthiness of your employees, we recommend that business PCs are used only for business usage. Your practice may allow personal email and browsing on breaks, which is a good way to keep morale high in your office. However, these activities should be limited to a PC where business is not conducted, such as a Breakroom PC.
Ideally, a Breakroom PC should not have access to your internal network in the same way that your business machines have, making it less of a threat to your network if it gets infected. It is important to keep in mind that viruses are now able to propagate through your network with increasing ease, so any PC where browsing is not limited should not have any mapped drives or central server access.
For More Information
If you are considering an anti-virus or firewall solution which incorporates Content Control on Internet Browsing, give us a call or fill out our contact form.