Two in five SMBs have suffered breaches from poor web surfing practices

40% of small and medium-sized businesses have experienced an information security breach attributed to poor web surfing practices

The results of the survey of 200 SMBs by Opinion Matters on behalf of GFI show that even in the face of such infections, a majority of web monitoring software users do not cite defense of their network as the main driver for deploying such a tool.

Close to a quarter of all respondents use web monitoring software to ensure employee productivity; 13.5% to conserve network bandwidth and speed; 11.5% to prevent employees from visiting inappropriate sites; and 11.5% of all respondents do not use web monitoring or filtering software at all.

In addition, the survey found that 70% of those not using web monitoring or filtering software claim that web use is not a problem in their organization. “That is a misconception”, said Phil Bousfield, general manager of GFI’s Infrastructure Business Unit. “While it is necessary to have good email and desktop protection, it is also becoming good practice to have protection for the sites that you browse”, he told Infosecurity.

“At the same time, 40% of the people think they have experienced a security breach because of people navigating to a site that loaded them up with malware. Does this work out? Forty percent of people say [they think web use resulted in a data breach], but 70% say web use is not a problem”, Bousfield observed.

Nearly one in three (27.5%) SMBs do not have a policy in place to govern employee use of social networking sites such as Facebook and Twitter; 16% of SMBs have a social networking use policy, but have no way of monitoring whether employees are adhering to it; 42.5% of respondents do not have a tool in place that measures the safety of a given website based on a rating of its reputation, but 27% say this is a capability they would be interested in.

“The first thing an organization should do is decide what their policy is. They shouldn’t implement a web monitoring tool before they do that…. These tools give you defenses against the things you don’t want to be dealing with, such as viruses and pieces of malware. They also give you the ability to say, ‘There are some types of behavior I don’t want’, for example, a lot of social networking”, Bousfield said.

“It all starts with a policy. It all starts with the company saying, ‘This is what is acceptable, and this is what is not.’ A policy makes things clear”, he said.
 
