- Security TWENTY
- Women in Security Awards
Another MP scandal, but are web filters to blame? asks Bill Walker, security analyst and technical director at QA.
Over the past few days, the media has been swamped with the news that “more than 300,000 attempts” were made to access inappropriate content from the Houses of Parliament. This really is not news at all. The key word here is “attempts”, suggesting that web filters had prevented anyone from actually accessing these sites. So, the main story here is not that are MPs being, ahem, distracted from their parliamentary duties.
The real story lies in the month-by-month breakdown of the figures provided by the Houses of Parliament. They vary wildly between 15 attempts in February to 114,844 attempts in November, which would indicate some very strange behaviour. But, it starts to make sense when you consider that in November, there was intense media and political investigation into various sexual offences. Some of our MPs may simply have been victims of an over-zealous web filter, as they were conducting research into the news, hardly the stuff of a saucy news article.
This is a widespread problem in businesses and organisations everywhere. Web filters can be very effective in blocking explicit material, but ultimately, they are machines that work by following basic rules. These web filters often make mistakes, as they are unable to understand context.
There is an issue known as “The Scunthorpe Problem”, based on the fact that people from the town of Scunthorpe can be blocked from owning email addresses and domain names, due to the fact that their address contains the same string of letters as an obscenity. Filters like these frequently block perfectly innocent websites and may well allow explicit websites with cleverly disguised names.
They can also not differentiate between inappropriate and appropriate uses of words; for example, research into a health problem could be seen as accessing sexual content. Strict web filters are often found in workplaces and public hotspots. Ironically, I was blocked from searching for the parliamentary news scandal in a coffee shop this morning, as the web filter assumed I was attempting to access sexual material!
It would be fair to say that the MPs web filtering system is more of a hindrance, than a help to their productivity. This may lead to individuals flouting security policy, by trying to find ways around the blocks, just to get their work done.
The very best way to control which sites are not accessed in your workplace is ensuring that all staff members are trained in web security.
Unfortunately, in many businesses over-zealous web filters are used in place of training, as a perceived cheap and easy option. In every work place, staff are required to be trained in health and safety, first aid, fire safety and the like, but very few are trained in web security- a lack of which could be extremely damaging to a business.
Good training and a clear policy are vitally important to ensure web security in the workplace; web filters can then play a much smaller role. Everyone needs to know which sites are and are not appropriate for a work environment, and the consequences for flouting these rules. More importantly, everyone must know what online behaviour will potentially introduce damaging malware to the company’s network. It is when these policies are ignored, or not implemented properly, that web filters become the only option.
Web filters are important in many scenarios, such as in a school environment. However, they should never be used as the sole protection against dangerous and explicit web content.
A web filter will never be as effective as a well-informed, well-trained person making a judgement as to whether their online activity will be damaging to their company, personal reputation or be breaking the rules of their security policy.
About Bill Walker, security analyst, QA
Bill Walker is technical director at QA – a UK training company – with a core specialism in cyber security. He consults for private enterprise and Government organisations on the protection of critical IT infrastructure and information. Bill is also responsible for developing QA’s relationships with key technology vendors and partners including Microsoft, Oracle, VMWare andCitrix and for bespoke e-learning and innovation activities within QA.
QA’s client list includes British Gas, Network Rail, Centrica, HSBC, Virgin Atlantic and Microsoft.
Prior to joining QA, Bill held a directorship at Xpertise and was a key member of Microsoft’s CPLS Advisory Council.