This article was written by Paul Ponzeka, CTO at Abacus Group, and originally appeared in Teiss.
Now a standard security feature in organisational IT networks, URL-blocking has rapidly become prevalent in the last 10 to 15 years. As cyber threats continue to evolve, businesses, including alternative investment firms, frequently deploy URL-blocking technology to protect users from malicious websites and ensure compliance with regulations. This has taken on a new sense of urgency as devices are frequently used outside of the office environment and in remote locations, with the same level of protection needed.
However, some blocking strategies can lead to employee frustration. Relevant websites can be inadvertently obstructed, leading organisations to take down the whole system, which leaves them exposed to potential breaches. Firms must carefully consider the URL-blocking options available to strike a balance between a high-security posture and an effective employee experience.
Two of the most common URL-blocking strategies are blacklisting and whitelisting. Blacklisting is frequently deployed by smaller and medium-sized businesses to block malicious applications and websites from being accessed by users. In larger organisations, where high-risk environments are more common, whitelisting is more often seen. This is where only specific websites and applications are approved for access.
There are a few key considerations with each method. Blacklisting relies on teams ensuring that every possible attack vector is accounted for when considering which categories or URLs to block. For larger firms, this risk is frequently not worth taking. Whitelisting can be inherently safer as it assumes that anything can be potentially dangerous. However, the administrative burden of whitelisting can be high. Constant tuning is required from technical teams to ensure that the right applications remain accessible. It’s also more intrusive to the user experience as the vast majority of applications are blocked.
With each method potentially beneficial and a hindrance in equal measure, how do firms find the middle ground? The answer is to use a blend of both solutions to achieve business goals. In most businesses, there’s likely to be a number of categories that should be blocked outright from user access. Gaming, for example, typically serves no business purpose and is an area for risk and a frequent target for cyberattacks due to the lack of necessary security controls.
However, there may be valid business uses for URLs within that category. Alternative investment firms that frequently invest in video gaming companies may need to complete research on a specific game or franchise. Whitelisting can be used to unlock access to any application or webpage associated with that game while ensuring that the gaming category remains blacklisted. This keeps effective security measures in place while also taking the employee experience into account.
Greylisting is also growing in use, particularly on the application side. AI and heuristics are increasingly able to make an educated guess on whether an application, which may not fall into a specific category, should be allowed. It can also be applied to allow content from one company or publication to filter through by recognising it as a trusted source.
URL management also needs to be considered through the lens of different teams in the business, their goals and the times of day that such controls are implemented. For example, the accounting team is unlikely to require social media access, while other teams may need read-only access in their roles. It might be that the company wants to encourage employees to use their devices for leisure purposes during their lunch break and removes the blocks to cover this time period. It will all depend on the specific requirements of the business.
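The blended policy described above (blacklisted categories, whitelist exceptions inside them, greylisting of uncategorised sites, and team or time-of-day rules) comes down to an ordered set of checks. The Python sketch below is an added example, not code from the original article or from any product; every host, category, team name and the lunch window is constructed for illustration.

```python
from datetime import time
from urllib.parse import urlsplit

# Constructed sample policy: every host, category and team name is illustrative.
CATEGORIES = {
    "games.example": "gaming",
    "studio.example": "gaming",
    "social.example": "social-media",
    "news.example": "news",
}
BLOCKED = {"gaming", "social-media"}                    # blacklisted categories
EXCEPTIONS = {("research", "studio.example")}           # whitelisted (team, domain)
READ_ONLY = {("marketing", "social-media")}             # (team, category) view-only
RELAXED = {"social-media": (time(12, 0), time(13, 0))}  # lunch-break window


def match_domain(host, domains):
    """Longest listed domain that host equals or is a subdomain of, else None.
    Matching on the dot boundary keeps look-alike hosts from inheriting a rule."""
    hits = [d for d in domains if host == d or host.endswith("." + d)]
    return max(hits, key=len, default=None)


def decide(url, team, now):
    """Return 'allow', 'read-only', 'block' or 'greylist' for one request."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        host = ""
    if not host:
        return "block"                        # unparseable URL: fail closed
    # 1. Explicit whitelist exceptions win over category blocks.
    if match_domain(host, {d for t, d in EXCEPTIONS if t == team}):
        return "allow"
    domain = match_domain(host, CATEGORIES)
    if domain is None:
        return "greylist"                     # uncategorised: defer to heuristics
    category = CATEGORIES[domain]
    if category not in BLOCKED:
        return "allow"
    # 2. Time-of-day relaxation applies to every team.
    window = RELAXED.get(category)
    if window and window[0] <= now < window[1]:
        return "allow"
    # 3. Team-level read-only access to an otherwise blocked category.
    if (team, category) in READ_ONLY:
        return "read-only"
    return "block"
```

The order of the checks is the policy: the exception is evaluated before the category block, and anything that cannot be parsed is blocked rather than passed through.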
Going overboard in preventing access can lead to employee morale issues, and buy-in from teams is critical to the effectiveness of cybersecurity strategies. To ensure that the right balance is struck, those in the boardroom first need to communicate directly with employees and find out what they need access to in order to complete tasks. Secondly, organisations should look towards specialists in the industry for best practice advice and guidance in managing access to URLs and applications. The right know-how will help organisations to follow the right path.