Recently the national press here in the UK was swamped with the new scandal that “more than 300,000 attempts” were made to access pornographic sites from the Houses of Parliament. I would suggest that this really is a non-story. The key word here is “attempts”, suggesting that web filters had prevented anyone from actually accessing these sites. Therefore, there really isn’t an issue with MPs being, ahem, distracted from their parliamentary duties.
What is really interesting, however, is the month-by-month breakdown of the figures provided by the Houses of Parliament. They vary wildly between 15 attempts in February 2013 to 114,844 attempts in November 2012 – very odd. However, it begins to make sense when you consider that in November, there was intense media and political investigation into various sexual offenses. It strikes me that some of our MPs may simply have been victims of an over-zealous web filter, as they were conducting research into the news. This is hardly the scandal that the press would hope for.
This is a common problem in workplaces everywhere. Web filters can be very effective in blocking unsavory material, but at the end of the day, they are machines that work by following basic rules. Basic web filters often make mistakes, as they are unable to discern context.
There is a common issue known as ‘The Scunthorpe Problem’, based on the fact that people from the town of Scunthorpe are often blocked from owning email addresses and domain names, due to the fact that their hometown contains the same string of letters as an obscenity. Such filters frequently block perfectly innocent websites and may well allow explicit websites with cleverly disguised names to slip through the net.
They also cannot differentiate between inappropriate and appropriate uses of certain words; for example, research into a health problem can be seen as accessing sexual content. Strict web filters are often found in workplaces and public hotspots. Ironically, I was blocked from searching for the parliamentary news scandal in a coffee shop, as the web filter assumed I was attempting to access sexual material.
It would be fair to say that the MPs web filtering system is more of a hindrance than a help to their productivity. This may lead to individuals flouting security policy, by trying to find ways around the blocks, just to get their work done.
The very best way to control which sites are not accessed in your workplace is ensuring that all staff members are trained in web security.
Unfortunately, in many businesses, over-zealous web filters are used in place of training, as a perceived cheap and easy option. In every work place, staff are required to be trained in health and safety, first aid, fire safety and the like, but very few are trained in web security – a lack of which could be extremely damaging to a business.
Good training and a clear policy are vitally important to ensure web security in the workplace; web filters can then play a much smaller role. Everyone needs to know which sites are and are not appropriate for a work environment, and the consequences for flouting these rules. More importantly, everyone must know what online behavior will potentially introduce damaging malware to the company’s network. It is when these policies are ignored, or not implemented properly, that web filters become the only option.
Of course, web filters are important in many scenarios, such as in a school environment. However, they should never be used as the sole protection against dangerous and explicit web content.
At the end of the day, a web filter will never be as effective as a well-informed, well-trained person making a judgment as to whether their online activity will be damaging to their company, personal reputation or break the rules of their security policy.
Bill Walker is a security analyst and technical director at QA – the UK’s largest training company – with a core specialism in cybersecurity. He consults for private enterprise and government organizations on the protection of critical IT infrastructure and information. In addition, Walker is responsible for developing QA’s relationships with key technology vendors and partners, including Microsoft, Oracle, VMWare and Citrix and for bespoke e-learning and innovation activities within QA. Prior to joining QA, he held a directorship at Xpertise and was a key member of Microsoft’s CPLS Advisory Council.