I wrote last month on whether SMBs should implement Web filtering, highlighting some of the arguments to implement it (productivity) as well as the consideration against deploying it (implied lack of trust for employees). While one user who chipped in shared about how he practices self-censorship to enhance personal productivity, another derided the idea as not enforceable. Even if Web filtering is not circumvented, a reader called CyberJ questioned, "What makes you think your employees are productive now? A slacker will always find a way to slack around."
Sentiments on the ground aside, a survey conducted by GFI Software on small and mid-sized businesses last month determined that an 79.4 percent of 631 polled says their organization has either invested in a Web filtering or Web security solution, or are exploring plans to do so. This represents an increase from the 47 percent of U.S. SMBs that had the means to monitor or filter HTTP traffic last year, says the GFI report, which can be downloaded here (pdf).
The reasons behind this phenomenon were multi-faceted. The report noted:
Nine in 10 SMEs said they did so to block inappropriate content, to prevent malware infections from downloaded files and to prevent malware attacks via drive-by downloads. More than half said they wanted to reduce cyberslacking, to control what sites employees can or cannot visit and to reduce bandwidth costs associated with unnecessary browsing/streaming.
Taken together, it is clear that while security considerations do have a substantial consideration when it comes to Web filtering, the central theme really centers on concerns over content accessed by employees while in the office.
A question on whether organizations allow their staff to surf the Internet for "personal reasons during their break" shows that most of them (85 percent) of them allow it. This does seem to support the argument that companies enact filtering due to concerns over productivity and to suppress access to inappropriate content at work. In fact, the survey found that 90 percent of companies block adult materials, followed closely by social media sites, video streaming and online radio.
Overall, it is not difficult to figure out the motivations that drive small and mid-sized businesses to implement filtering. Taken at face value, I would surmise that SMBs are the most concerned about inappropriate content in the office, time-wasters and bandwidth-hungry applications.
Filtering against content that is inappropriate for work is probably to protect companies against potential complications such as sexual harassment lawsuits, while curbing bandwidth-hungry services ensures the smooth flow of business-critical data. I feel that attempting to thwart time-wasters by blocking social media sites is a losing proposition, though, what with the proliferation of smartphones and mobile devices. Still, with the relevant infrastructure for Web filtering already in place, SMBs are probably blocking it to remind workers of the existence of company computer usage policies, than anything else.
So what kind of Web filtering does your SMB implement? Do you rely on software-only filtering, or have a dedicated hardware appliance to ease the processing overhead?