Which websites should employers be blocking at work?

Expert details importance of Domain Name System (DNS) filtering to avoid cyber threats such as malware, data breaches

Which websites should employers be blocking at work?

Thanks to the internet, people around the world have access to what seems to be a limitless amount of data they need for work and life.

The internet, however, is also full of threats that can be harmful to employers. Accessing insecure websites can increase the risk of cyber threats such as malware, phishing attacks, and data breaches, according to NordLayer.

And while a majority of employers are blocking malware (72 per cent), adult content (72 per cent) and phishing (70 per cent), many threats are still left unchecked, it says.

Just over half of companies block illegal or unethical sites (56 per cent), cryptojacking (54 per cent) and DDoS-as-a-Service (51 per cent), found NordLayer’s Domain Name System (DNS) filtering service in February 2024.

And fewer block repeatedly infected websites (44 per cent) and stalkerware (44 per cent), and websites that can potentially be used for hacking (43 per cent) and gambling website (43 per cent).

“When talking about malicious websites, it's a separate category for known and potentially malicious websites,” says Arturas Bubokas, product manager, NordLayer, in talking with Canadian HR Reporter.

“It doesn't mean that you're blocking all the threats, but you're blocking access to a known set of websites which probably would cause damage to your network security and so on.”

Canadian employers lagging with cybersecurity

It's important for businesses to learn how to stop employees from using non-work-related or harmful websites, according to NordLayer, as this also helps keep the workplace focused and safe, boosts productivity, and protects the company's online assets.

But Canadian employers are about 12 per cent less restrictive compared to global averages, when it comes to adult and gambling sites, says Bubokas. The reasons for this may vary by industry and company.

“Some companies want to prioritize a trustworthy environment and encourage their people to explore all the possibilities. If, let's say, it's some kind of digital product company or startup and all the employees are young, we, for sure, don't want to block any social media sites or anything like that.”

Cybersecurity isn't just a tech problem, it's also an HR problem, according to a previous report.

Importance of DNS filtering

Cybercriminals upped their activity in the first half of 2023, according to a Trend Micro survey. The cybersecurity software company reported that it blocked, during that period, more than 85.6 billion threats globally, consisting of email threats, malicious files and malicious URLs. That marked a 27 per cent year-over-year increase.

Among those that have fallen victim is the Health Employers Association of British Columbia (HEABC). A cyberattack hit the association’s server that hosted websites and application forms for Health Match BC (HMBC), the BC Care Aide and Community Health Worker Registry and the Locums for Rural BC program.

One thing that can keep employers safe is DNS filtering, which blocks malicious websites, says Bubokas.

“If you don't want your employees to do some online shopping while they are working from your company's device, you can block these websites,” he says. “You can block gaming websites.”

DNS filtering helps mitigate the exposure to risks users face while browsing the internet, notes NordLayer. 

“It includes viruses, spyware and malware, various types of phishing attacks, botnet-escalated threats, and more.”

The most common online threats DNS filtering prevents are malware, botnets, adware, viruses and spyware, according to NordLayer.

Source: NordLayer

What rules should be followed while using the internet?

It’s also important for employers to come up with guidelines around internet use in the workplace to ensure safe internet usage, says Bubokas. 

He shares the following tips for ensuring the effectiveness of internet usage rules in the workplace:

  1. The policy should be clear and comprehensive.
  2. It should be communicated to all employees, especially new recruits.
  3. It should be updated regularly.
  4. Employers must considering disciplinary measures for those who would violate the internet usage rules.
  5. There should be regular cybersecurity training for employees.

Few workers are getting cybersecurity training, according to a previous report. Recently, one expert called for a quarterly cybersecurity training, given the threat of human error, according to a report.

Latest stories