Top 9 Questions we get asked about DNS Filtering
We get a ton of questions about DNS filtering. We figure you will, too. To help you answer some of these questions, we’ve put together this quick-reference FAQ:
Security isn’t something you “implement” and then forget about. It’s constantly evolving, and as external risk factors increase and end users are more likely to become the victim of cyber attack, layered security is increasingly important.
You need your firewall. You need your antivirus. You also need DNS filtering. Because all of them do different things and protect you in different phases of your work day.
Unfortunately for all of us, hackers are really good at deceiving people. And there are a lot of them working to steal information, usually for some sort of financial gain.
Even with cybersecurity awareness training, if the hackers are motivated enough they can convince that person to click the link. They can find information from public social media pages, press releases, or even business pages and leverage that to convince end users that they are trustworthy.
And this happens quickly. When a phishing attempt is successful, over 50% of the link clicks occur in the first five minutes. So there isn’t much time for mitigation to happen if you don’t have filtering set up. This is why solutions that block threats instantly, even when they’ve never been seen before, are necessary so that the DNS request for that malicious site doesn’t get resolved and put the end user and the entire company at a tremendous risk.
It's not enough to just block threats. If you have no insight into what you're blocking, you'll never be able to improve both security and content filtering as a whole.
Visibility gives you a clearer picture of what sites users are accessing, the average number of threats being detected and mitigated, and the frequently pages are being blocked.
You can then use these insights to make recommendations around both security and productivity.
You can even dive into user DNS requests if we've deployed DNSFilter through our Active Directory integration or Roaming Clients. This is valuable information for you. If you noticed one user repeatedly trying to access blocked sites, it might be an indication that the person is wasting their time.
Another consideration is that it could indicate that a recreational site like Facebook may be important for a marketing employee to access during their workday, and this block policy is negatively impacting their work performance.
But without visibility, you wouldn't be able to draw any conclusions.
Technology is amazing. It gives us the ability to accomplish more in a given day than we could have dreamed up 150 years ago. With high digitization in professional services and B2B sectors, our productivity has increased in nearly every industry.
But technology also introduces a new set of obstacles that stand in the way of our daily efficiencies. Social media, news websites, gaming platforms like Steam, online forums, messaging clients, even our email can be a source of decreased productivity. And those are just the things we can access using a web browser. Which is exactly the point.
Access to the internet and digital applications has given us the ability to do more. But ironically it’s also an obstacle to better productivity. Research done in 2018 shows that 89% of employees surveyed waste time every day.
Think of the daily distractions you encounter that aren’t even on your computer—especially if you work from home. There is enough happening externally that you need to tune out. Adding content filtering is an additional safeguard against time wasting. It’s a reminder that you shouldn’t be going to sites like that during working hours.
In early 2020, Art Gross (CEO of Secure Now!) received an email while he was in the middle of eating dinner. He scanned it quickly and saw that it was about an AWS issue being resolved. Since he’s regularly copied on emails like this, he didn’t think much of it but decided to forward it to his CTO and senior system administrator to check in and see what the issue was.
The problem is that this was not an email from AWS. It was actually a phishing email. Luckily for Art, the CTO responded back quickly to let him know.
But despite all of Art’s technical knowledge and cybersecurity awareness, he still believed that a phishing email was legitimate. Art confirmed for himself that it was a scam when he ran it through software that returned that it was “likely” a phishing email based on language used. Not to mention that if he was able to look at the email domain on his phone (which was hidden from him), he would have noticed the domain was not “Amazon” or “AWS” but something completely unrelated.
If Art had actually clicked any links in that email, the ending might have been very different. Luckily, Art only walked away with a lesson learned on how easy it is to become the victim of a phishing attack.
DNS protection can prevent these malicious sites from ever being accessed. In the event that you do fall for a phishing email, the right DNS protection will stop you from becoming the victim.
Sometimes, sticking to just the “reputable” sites isn’t enough to steer clear of malicious links. Because even these trusted sites can still be the victim of “malvertising.” These malvertising schemes are legitimate ad campaigns insofar as they actually pay these companies to display ads, but the ads themselves are links that force-download malware or propagate a phishing scam.
In March of 2020, trusted news sources such as BBC, NY Times, Newsweek, and MSN were the victims of a malvertising scheme that deployed ransomware when the ads were actually clicked. But this technique isn’t new. It’s been around for a while, and part of why it’s so popular is that black hat hackers are able to quickly focus efforts on fresh ads using new domains when the old ads get flagged and blocked.
Sometimes the domains they’re using, like in the case of March 2020’s malvertising scheme, were previously reputable domains: Local businesses that have gone under or blogs where the owner allowed the domain to expire. By claiming websites that have domain authority and an existing web presence, it is easy to get past the security measures in place at major publishers who have a high volume of advertisers on their network.
Think of your own internet habits—it’s very likely that you were on one of those websites in March 2020 when that malvertising campaign was running.
Be wary of any ads that seem suspicious. It doesn’t matter where the ads are running, as the ads themselves may not be trustworthy. One benefit of DNS protection is it will block any malicious ads you happen to click on.
The big data breaches get all of the attention. The ones that impact millions of customers at high-profile companies. They’re scary because these companies have seemingly iron-clad cybersecurity in place. The issue arises when there’s a gap in security coverage, or human error (like falling for a phishing attack).
But these breaches actually aren’t as frequent as the small businesses getting hit by cyberattacks.
In 2018, 50% of U.S. businesses were targeted by hackers, and 60% of businesses targeted by hackers fail within 6 months of the cybersecurity incident.
Let’s examine one business that was hit by a cyberattack in 2015: Rokenbok Education was in the midst of the holiday season when they were the victim of a ransomware attack. It rendered their database unusable. They decided not to pay the ransom and spent four days reconfiguring their database so they could get up and running. Luckily, Rokenbok didn’t find themselves with a “Permanently Closed” sign on their doors.
But Rokenbok chose to prioritize revenue to the detriment of security. This left them open to a very serious attack that impacted them at their busiest time of the year. It caused delays in service and hurt their revenue.
The highest cost, of course, of any cyberattack is the risk of shuttering your business permanently. Unfortunately, there are plenty of companies that aren’t around anymore because an attack was so big they couldn’t recover.
We get a ton of questions about DNS filtering. We figure you will, too. To help you answer some of these questions, we’ve put together this quick-reference FAQ:
DNS is the phonebook of the internet. Every time you visit a website, your computer is making a DNS request to retrieve the information for you. If you type in “example.com”, what you’re really doing is asking a DNS server “What is the IP address of example.com?” The DNS server responds with the IP address and takes you to the right website.
DNS translates the domain name into an IP address for us, so we don’t have to memorize a long number.
With DNS filtering, when you type in a website’s domain, a filtering process takes place between the IP address being retrieved and the page being displayed. This filtering process categorizes the site into a variety of groupings that include news and media, social networking, malicious, illegal content, and much more.
Businesses put DNS filters in place to block employees or guest Wi-Fi users from specific sites. A business might choose to block social media sites during work hours for their employees or illegal content for both employees and public Wi-Fi guests. DNS filtering also blocks users from malicious content, such as phishing schemes and malware.
When DNS filtering is in place and someone tries to access an inappropriate site, users will instead see a block page letting them know this content is restricted.
Without DNS filtering in place, clicking a malicious link can cause irreparable damage to your computer, data, and business as a whole. But DNS filtering isn’t just about keeping you from making malicious DNS requests. It also stops malicious programs already on your computer from making DNS requests of their own.
60% of small businesses that become the victim of a cyberattack, usually a ransomware attack, will need to shut down operations within 6 months. These types of attacks sometimes take months to surface, and by that point it’s too late.
Human error accounts for 90% of data breaches. These are people who have fallen for social engineering attacks, most of them phishing schemes. While the hackers are still outside of your organization, the threat is truthfully internal. The people who craft these cyberattacks are clever, and they’re constantly improving how they operate, so blocking these malicious links at the moment someone clicks is a powerful cybersecurity tool.
A huge part of why we implement content filtering is to keep employees on task. According to one study, 89% of all employees waste time at work on a daily basis. And 57% of those surveyed waste an hour or more each day.
But even if employees are working all day without taking a break to look at distracting sites (or NSFW sites), there are two additional reasons to implement content filtering:
A lot of industries need to meet compliance standards. Schools need to achieve CIPA compliance to obtain e-rate funding, and that means blocking students from accessing certain sites. There are also many illegal sites that could mean legal troubles for your business if employees access them, on purpose or accidentally.
Secondly, often a lot of the work we do requires searching for things online. And sometimes something will seem like a legitimate site, but it will actually be some sort of harmful content. By enabling safe search and blocking certain site categories, you can protect your employees from uncomfortable situations where they see content they should not be seeing.
A firewall is a barrier between a local network (such as a computer) and the internet. The purpose of a firewall is to block unwelcome network traffic from external attackers. And while some firewalls can block content similar to a dedicated content filter, they usually cannot dynamically categorize and block content or prevent existing malware from making additional requests. Firewalls are only concerned about attacks to the network, but it won’t stop existing threats from getting worse.
Antivirus software monitors your computer and looks for suspicious files and activities that may indicate you’ve downloaded some sort of malware or trojan.
Your firewall and antivirus software won’t catch:
DNS filtering gives you another layer of protection, making your company more secure. It can catch zero-day threats (threats that have never been seen before) and prevent existing malware from sending DNS requests. That means it can mitigate or stop the spread of existing malware. That gives your antivirus software time to locate and delete the threat.
Using Roaming Clients, DNS filtering can provide endpoint protection (i.e. device protection). And applying DNS protection at the network level means anyone accessing your network goes through your filtering, whereas when external devices connect to a firewall they’re not subject to the same rules.
Unfortunately, it doesn’t matter how small your business is. Anyone can become the victim of a data breach launched via social engineering, and only 40% of small businesses that experience a large breach are likely to survive.
For businesses that have fewer than 500 employees, the average cost of a data breach that stems from an insider mistake is $7.68 million. On average, it takes 77 days to contain an incident. Only 13% of incidents were contained in fewer than 30 days.
Of companies that have 50 employees or fewer, 20% use no endpoint security and 43% of business owners don’t even have a cybersecurity plan in place. A lot of this is from the prevailing sentiment that cyberattacks don’t happen to small companies. But on the contrary, over 40% of data breach victims are small businesses.
In fact, small businesses (with fewer than 250 employees) have the highest rate of targeted malicious email attacks.
So ultimately, it doesn’t matter how small your business is. You can still become the victim of a data breach based on a variety of factors, just from being online and doing work necessary to your business.
Phishing attacks are growing at a tremendous rate, and they’re becoming the attack-of-choice for many hackers. By using phishing attacks, hackers can steal your valuable credentials, deploy malware, or infect your computer with ransomware. They account for over 80% of all reported cybersecurity incidents. Experts estimate that nearly $18,000 is lost every minute because of phishing schemes. DNS filtering is one of the best ways to stop phishing attacks.
But beyond phishing attacks, work is moving off the network. We’re no longer completely protected behind a firewall so we need to find an alternative way to safeguard our employees and our business. Globally, over half of businesses offer some form of remote work and nearly 20% of the workforce telecommutes full-time. It’s becoming a new standard that businesses need to work around in order to maintain cybersecurity standards.
Legacy firewall software is no longer the singular answer to cybersecurity.
It’s not just about stopping employees from accessing things you don’t trust them to look at. It’s also about protecting them from both malicious content and content they don’t even want to see.
An employee can have only good intentions and still fall for a phishing scam. According to Knowbe4, 37.9% of employees are “likely to click on a suspicious link or email or obey a fraudulent request.” This has nothing to do with the employees’ intentions, and everything to do with being tricked by skillful hackers.
If you’re worried about how your employees might react to DNS protection, make it clear that this is another layer of cybersecurity protection as well as a content filter that blocks unwanted content.
Likewise, restricting content around drugs, terrorism, illegal content, adult content, and more can prevent employees from accidentally accessing harmful content during working hours.
Not at all! The query speed for our DNS filtering is generally under 10 milliseconds in North America. To put that into perspective for you, there are 1,000 milliseconds in a second. So we’re talking subsecond speeds. In almost every case, you will actually speed up web browsing for your employees.
If you’re OK with your employees accessing streaming content, social media, and YouTube on their work computers after hours, we can schedule block policies. This gives us the flexibility to disallow certain content during working hours and allow harmless (but distracting) content once work ends for the day. You can even edit the policies to only occur on weekdays.