What is Content Filtering?

Content filtering is a system that enables an organisation to monitor the activities of all personnel who have access to a PC.

Content filtering systems filter emails according to a criteria set by the management of the organisation and either block them or prevent them being sent. It can, for example, let a manager know that a particular employee is perhaps looking at pornography. Or it can keep a record of emails that can be inspected later if, for example, an employee is accused of harassing a colleague or sending abusive email or racist material.

The future of content filtering

Many companies already monitor emails and web activity and this is set to continue due to increased legislation.

Compliance - many US and UK companies have to comply with legislation ensuring that email records are retained for a specific period of time.

Libel laws - a company or its senior officers can be held responsible for the actions of their employees.

Illicit material - to prevent people downloading pornography and other offensive material.

Why content filtering?

Some 1 billion emails are sent every hour and 50% of those contain sensitive information.

Read the full statistics here.

As a result there has been a growth in the number of lawsuits based on, for example, sexual harassment and criminal activity. There have been instances where personnel have been using company PCs and the network in order to conduct illegal activities. Also, the increased incidents of terrorists using the internet in order to plan their activities further exacerbate the problem.

Benefits of using content filtering

• Greater productivity - if 40% of employees' activities are spent on non-work related activities, organisations can be losing many hours of valuable resource in an age when the cost of running a business is already extremely high.
• Degradation of network performance - if people are continually using the web to download images, film clips and music, this will impact the network simply because it will slow it down. The result could be that you need to buy more (unnecessary) bandwidth to cope with the demand.
• Need for legal compliance - some industries are regulated or constrained by stringent legal requirements, for example, financial services and pharmaceutical companies. As a result they must ensure that customer information is protected and not sent to a third party.
• Growth in criminal activities - there has been many instances where individuals have used company resources to break the law. For example committing fraud or dealing in drugs using the company internet access.
• To a large extent, organisations are responsible for the actions and behaviour of their personnel.
• Protection against loss of data - organisations need to protect vital information such as customer records and other proprietary information.
• Enforcement of an acceptable use policy. An Acceptable Use Policy (AUP) is a set of rules and regulations that all employees would be required to sign regarding their behaviour for using their PC and access to the internet. This, for example, could include only surfing the web for personal reasons (e.g. online banking) at lunchtime. It can also specifically outline that individuals should not send offensive material.
• Prevent inappropriate use - by knowing that they are being monitored, personnel are unlikely use the network for reasons other than business.
• Protection of reputation - preventing individuals sending scandalous emails can protect a companies brand and reputation.
• Protection against harassment, defamation, fraud and illicit activities.

Disadvantages and potential pitfalls

• Big Brother - content filtering can be seen to be interference by senior management and the general perception amongst employees might be that the management don't trust their personnel.
• It may block the wrong email or content and the sender may only find out after a period of time. If, for example, this is commercial material such as business proposals, this could be seen as a major inhibitor.
• Can be restricting - if certain content is being blocked or filtered all the time then it could prove frustrating. For example, if a student wishing to investigate breast cancer using the school's internet access was blocked because it was deemed that the word 'breast' was inappropriate.
• Could be considered intrusive - as long as emails are marked personal then it is reasonable to allow people some personal activities.
• Installing a filtering program is not always legal - in some countries they are not allowed so you need to check carefully what applies to your country and industry.

Buying and installing content filtering

Step one

• Identify the needs of your organisation and the users. If users access the internet via a dedicated server, then it might be possible for only the server needs to have a content filtering system installed. You have to consider PC and laptop users with internet access.
• Understand your requirements - this can be achieved by talking to perhaps two or three appropriate suppliers.
• It might be a good idea to test or pilot any system before purchase in order to see how effective it is.
• Types of applications need to be considered too. Do you require all users to be monitored? Do you want to monitor email and web activity and instant chat services such as MSN and Yahoo?

Step two

• Identify the right supplier.
• Use the search box on the right hand side on this page to put together a short list of potential suppliers.
• Who has the experience of working a company of the right size and profile as yours?
• How many similar installations have they made?
• Ask for references - ensure that the supplier is capable and reliable.
• Ask to speak with a couple of their customers in order to see what benefits they have gained.
• Get a credit check to ensure that they are financially stable. You can get this directly from the supplier details in Conjungo.

Step three

• Request a proposal from three or four of your preferred suppliers.

Step four

• Select a proposal.
• Who best demonstrates that they understand your business and your requirements?
• Is the solution flexible and scaleable and therefore able to meet future demand? You don't want to find out later that by investing a little more money now will save you money later.
• Is it cost effective? Does it demonstrate clearly the functional benefits - rather than telling a list of particular features, does the proposal clearly show what the benefits are? There is no point on spending money for system with features that are of no benefit or that you will never use!
• How much will the software (licences) cost?
• How much will software support cost?
• Can any savings be made by agreeing a multi-year contract for support?
• How will your potential supplier support and maintain your system afterwards?
• How much will this cost?
• Have you spoken to a couple of your preferred suppliers' customers?
• Agree on financial terms - you may be required to pay a deposit but do not pay the whole amount in advance of delivery.

Points to remember when installing content filtering

It is unlikely that you will install a content filtering system yourself but by knowing the following steps you will be aware of what the process is, in order to achieve a fully functioning system.

As a simplistic guide for a small business of, for example, 10 users in one office, the following would be necessary:

1. Depending on the system, you may either have to install the software on your server that has access to the internet and/or a copy of the software on every PC or laptop.
2. You will need to write a set of policies and guidelines to your employees. The easiest way to go about this is to agree what terms or words are acceptable and a list of unacceptable websites.
3. For legal reasons, it will be necessary to inform all employees that they will be monitored.
4. You have to draft an Acceptable Use Policy, and get it approved and signed by all employees. You can find a number of examples of standard documents on the internet that can be changed according to your requirements.
5. If the organisation has someone who is responsible for personnel matters, they should be kept involved with all of the processes and procedures.
6. If the company does not have a personnel professional, then it may be wise to either consult one or hire a specialist lawyer to ensure that all policies are legal and binding.
7. Only certain senior level personnel should have access to view the contents of the filtering system. This should ideally include senior IT staff and personnel management. Naturally you do not want everyone to be able to access the content and transactions across the network.
8. An administrator may be required in order to update and set new policies, add websites to be blocked or filtered and add further users.

In summary about content filtering

There are many excellent filtering systems available and it may be best to test a few for a week or so before progressing to a full purchase.

It would also be prudent to get professional advice as this particular area of technology may be seen as contentious. Ultimately, many companies allow reasonable use of the internet for personal reasons just as they would for using the phone, but suffice to say that the internet, while a useful tool and email a great way of communicating, can be misused and prove to be distracting.

Frequently Asked Questions

What is content filtering?
Content filtering, or content monitoring as it's also called, is a system that enables an organisation to monitor the activities of all personnel who have access to a PC or laptop computer.

Why do I need it?
You need to ensure that important documents and other confidential information are not leaving your organisation. You also need to make sure that emails of an insulting nature are not sent and if they are, you are then able to track the instigator. Likewise for staff who 'surf' for inappropriate material on the internet.

What about the legal issues?
You need to be aware of the legal issues and coordinate either with a lawyer or your HR department as you need everybody to agree to a written 'Acceptable Use Policy'.

What is an Acceptable Use Policy?
An Acceptable Use Policy or AUP is a document that outlines what employees can or can not do with their PCs. It covers everything from email i.e. who can use it and what should it be only be used for, as well as what can be looked at on the web and if and when it can be used for personal purposes.

What if I don't have an Acceptable Use Policy in place?
It will be difficult to discipline someone if certain activities are uncovered and it is always good to set rules and guidelines.
Also, if you are monitoring people's activity, it needs to be in the bounds of the law and you need to ensure that you are not seen to be invading people's privacy or human rights.

What form should an Acceptable Use Policy take?
It can either be a document in its own right or as part of an employment contract. Either way, it must be read, agreed and approved.

Where can I get an Acceptable Use Policy?
There are a number of websites on the internet that provide templates.

What is regarded as 'inappropriate' use?
Inappropriate use can include a large number of areas, such as pornographic material, sexual harassment, bullying, and theft of vital and confidential document or intellectual property, defamatory statements sent by mail, text or chat.

Can chat and other forms of communications be monitored and filtered?
Most forms of communications can be monitored, including chat, mail, and internet mail and messaging. You will need to check the capability of the software that you are buying to ensure it covers the areas you require.

What happens if a 'new' type of communication is developed a while after I have purchased my content filtering package?
Normally, companies develop their software according to what is being developed in the market place, so it most likely that you will be able to either upgrade your existing package or add a module to be able to deal with it.

Who should have access to the content of the material that has been monitored?
This should be left to very senior personnel or HR. Clearly you can not let anyone use the system.

Back to gounderstand homepage