The web is full of threats. Your employees and teammates browse the web freely on their personal devices, but when it comes to devices that touch your company data, you want more control. Spam and web filtering to protect your small business is a part of your overall content filtering plan.
Content filtering is a part of your overall cyber security plan.
Web and content filters function similarly to spam scoring and filtering processes and share many of the same trust-level indicators.
Spam and web filters allow you to block access to entire categories of websites, or to specific URLs.
Automation and artificial intelligence tools used in web filtering can crawl and inspect websites to classify the ‘site type’.
Once a site is classified (e.g. business, sports, commerce, social, etc.), it can be blocked by a content filter.
As a business owner, you can opt to cast a wide net and block all websites of a category (block all social media) or you can block sites more narrowly using rules within your tools.
For example: if a site is in a specific category and also has a low trust score, then block it (e.g. block Facebook on all company-owned computers).
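The category and trust-score rules described above, sketched as an added example that is not from the original article or from any filtering product. The `SITE_DB` feed, the `POLICY` layout, the 0-100 score scale, the threshold of 50, the `.test` hostnames and the block-by-default handling of unclassified sites are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed classification feed: host -> (category, trust score 0-100).
# Only facebook.com comes from the article; the .test hosts and all scores are made up.
SITE_DB = {
    "facebook.com": ("social", 80),
    "partner-community.test": ("social", 90),
    "cheap-deals.test": ("commerce", 20),
    "supplier-portal.test": ("commerce", 85),
}
# Hypothetical policy layout, not any vendor's configuration format.
POLICY = {
    "allow": {"partner-community.test"},   # whitelist, checked first
    "deny": {"known-bad.test"},            # blacklist
    "blocked_categories": {"social"},      # wide net: whole category
    "min_trust": {"commerce": 50},         # narrow rule: category AND low trust
    "unknown": "block",                    # assumed default for unclassified sites
}

def parent_domains(host):
    """Yield host, then its parent domains, so m.facebook.com matches facebook.com."""
    labels = host.rstrip(".").split(".")
    for i in range(max(len(labels) - 1, 1)):
        yield ".".join(labels[i:])

def decide(url, policy=POLICY, db=SITE_DB):
    """Return (action, reason) for a URL or bare hostname."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    names = list(parent_domains(host))
    if any(n in policy["allow"] for n in names):
        return ("allow", "whitelisted")
    if any(n in policy["deny"] for n in names):
        return ("block", "blacklisted")
    entry = next((db[n] for n in names if n in db), None)
    if entry is None:
        return (policy["unknown"], "unclassified")
    category, trust = entry
    if category in policy["blocked_categories"]:
        return ("block", f"category {category}")
    floor = policy["min_trust"].get(category)
    if floor is not None and trust < floor:
        return ("block", f"{category} trust {trust} below {floor}")
    return ("allow", f"{category}, trust {trust}")

if __name__ == "__main__":
    for u in ("https://m.facebook.com/feed", "cheap-deals.test", "http://never-seen.test/"):
        print(u, decide(u))
```

Matching on parent domains means a category block also covers subdomains such as mobile or regional hosts of the same site.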
Online Risks To Your Small Business
The temptation is great for staff to spend all day on Facebook, Twitter or Reddit. These sites are designed specifically to be time sinks, and the longer they have your eyeballs, the more advertisements they can show you.
These sites rob your business of the productivity of your staff. It is perfectly reasonable to block Facebook from work computers or during work hours to mitigate this time sink.
Business Owner Legal Liability
Did you know that you may be liable for what your employees do on your computers and internet connection? Employees can cause a data or privacy breach that you must report to authorities and clients.
Business owners have been given this solid advice so many times that you have either already adopted it or are numb to it. If you have not yet adopted good antimalware/antivirus tools, do it now. Free tools are not adequate as they lack active filtering, which catches most threats.
To improve your cyber security, increase your employees' productivity, and reduce legal liability – whitelisting safe websites, blacklisting unsafe content, web filtering and content control are essential. As an SMB, configuring these cyber security tools may be challenging without in-house IT staff.
Since IT management is complex, hiring a managed IT services provider to set up, configure and maintain your IT security is recommended.
To learn more about web filtering and IT Security, read our guide on Understanding Endpoint Protection Detection For SMB's.
Using Firewall And Endpoint Software To Blacklist Websites and Filter Spam To Protect Your Small Business
There are many defense mechanisms that can be employed to protect you from spam and malicious websites.
At The Source
Your email server will have its own spam filtering capability. If you are using G Suite or Office 365, this is largely pre-configured for you. If you use email from your web host provider, they will often employ SpamAssassin from the Apache Software Foundation, which will require a bit of configuration and tuning on your end.
In Front Of The Source
There are many third-party spam filters that deploy a cloud service in front of your mail server and filter out spam before it even gets to your email host. This is typically done by changing your DNS record to route your mail to the spam filter first, which then forwards it to your email server. Some leaders in this area are Barracuda, Proofpoint and Ironscales.
At The Network Perimeter
The delineation point that separates the internet from your network is a firewall. A capability of many firewalls is content inspection, classification and blocking. This is a powerful tool in your protection arsenal and shouldn’t be downplayed.
While most cyber security focus is (legitimately) placed on the endpoint now, the more that you can filter out at each stage of digital traffic, the more you reduce your risk of being exposed to an infected email/website.
At The Endpoint
This is your second-to-last line of defense and a fast-growing area of IT security. If spam, phishing or malicious websites have bypassed all your other filtration techniques, software running on the endpoint (computer, tablet) should find and remove whatever is left, depending on the quality of the endpoint protection software.
There are some subpar applications in this department, and most of the worst ones are the big names you know. They have great marketing departments but subpar programmers.
Work with an IT consultant to get quality tools in place, such as BitDefender endpoint protection or ESET NOD32. A great endpoint scanner is the built-in Windows Defender. It has come a long way from its humble roots and is often on par with, and sometimes better than, the top-shelf endpoint protection software.
At The Fingertip
The very last line of defense is with the user’s behaviour.
Chubb's Third Annual Cyber Report reveals that educating employees on IT security is crucial for SMBs looking to prevent cyberattacks. It's not only the technical aspects of your business that make it susceptible to data breaches – untrained employees and human error cause just as many breaches.
User education is an important layer of your overall cyber security plan. Nothing is better for IT security than developing a culture of security with the people that are the targets of cyber crime – your employees.
Your employees, especially new ones, need to be educated on online cybersecurity best practices to protect themselves and your business against malicious intent. By generating awareness of security threats and how your employees are likely to encounter them, employees new and old will know precisely what procedures to follow when they identify a risk.
There will come a time when something bypasses all the normal layers of protection and the only thing keeping you safe is your staff thinking that a message looks a bit odd or that something is different with the banking site today. That kind of permanent, on-guard attitude needs to be fostered and trained.
Ask your IT Provider to provide phish testing to your team to see who passes and fails, and to use the info to train everybody, or to focus your training efforts.
Choose Your Response To Cyber Crime
As a small business owner, it might be disheartening to hear of large corporations falling victim to cyber attacks and data breaches. After all, if the big guys can sometimes let their guard down, you might wonder how your small business can survive these threats.
The answer is adoption.
Large corporations can be incredibly slow at making important changes. SMBs can be far more agile and responsive. The opposite can be true too. You can choose to respond to the threat landscape by implementing best practices without further delay.