What Is Whitelisting and How Should You Implement It?
In this article
WannaCry and NotPetya may have put ransomware on the map, but smaller ransomware attacks (taking computers hostage until hackers receive a payout) have hit small and medium businesses (SMBs) hard—a recent report found that among the 22 percent of SMBs that reported being breached, about 15 percent took revenue losses.
With ransomware and mobile phishing attacks on the rise, whitelisting is a cyber-must (and best practice) for SMBs, large corporations, and private individuals looking to strengthen their defenses.
Consistently updated whitelists minimize the likelihood of spam flooding your inbox and malware and ransomware infiltrating your system. Plus, it increases your network’s security, which can be a potential problem for companies that have bring-your-own-device (BYOD) policies. And whitelisting could even speed up business growth.
Related: What Is Spoofing?
Here’s what you should know about whitelisting and how to best use it to protect your company.
What Is a Whitelist?
A whitelist is “the cybersecurity list,” only giving administrator-approved programs, and IP and email addresses, system access. Whatever is not on the list is blocked.
Whitelists are not one-size-fits-all; administrators tailor-make whitelists based on their unique wants and needs. YouTube, for example, is in the process of releasing a whitelisted YouTube Kids version that goes off of handpicked, age-appropriate videos rather than algorithmic recommendations.
Here’s another use case: To reduce insider threat—a cyber attack caused behind company doors—businesses with BYOD policies whitelist websites they consider safe for employees to visit when using their private network.
With the number of daily business emails estimated to go up to 126 in 2019, email whitelists are life-savers. Already having a pre-approved list of email addresses saves you the trouble and time of hunting down daily emails from clients and business partners in your junk mail.
But email whitelists are not just productivity-boosters. A staggering 91 percent of cyber attacks start with a phishing or spoofing email (bogus emails that try to get users’ personal information), according to recent research. Out of the average 94 emails employees receive each day, 18 are spam. By the end of 2019, we can expect this number to jump, as more than one-third of the global population gains access to email. You can bet whitelists will be even more useful, sending more unsafe spam to junk folders and stopping phishing ploys.
Much like email whitelists, application whitelists help keep your computer system safe from malware, spam, ransomware, and other threats. Instead of approving email addresses, application whitelists allow only approved apps to run. Anything not whitelisted is considered unsafe and blocked.
Besides monitoring malware, certain types of application whitelisting products check whether application versions are up to date, unlicensed, or prohibited. Also, application whitelisting usually tracks application changes and, in some cases, incident responses.
By now, you can probably guess what an IP whitelist is—yes, it is an approved list of IP addresses and/or IP domains that have permission to access your domain(s). Reserved for only trusted users, IP whitelisting is only set and updated by the site administrator.
Whitelisting Vs. Blacklisting
A blacklist is a list of applications, email addresses, IP addresses, and websites that cannot access your network. Much of traditional antivirus software relies on blacklists.
Whereas whitelists assume any address or domain not on the list is unsafe, blacklists assume everything not on the list is OK. Another way to look at it: whitelisting is a default-deny approach and blacklisting is a default-allow approach. Needless to say, whitelists override blacklists.
Get To Know Other Cybersecurity Students
The Benefits of Whitelisting
Whitelists are very useful and powerful tools for the typical company. Below are several benefits businesses can reap when they take advantage of whitelisting services.
Viruses are multiplying faster than ever, making them harder to track. In 2015, nearly 1 million new malware viruses were introduced to computer systems every day. Blacklisting each individual virus not only wastes time but leaves the door open for future viruses to wiggle into your network. All hackers need to do is slightly modify malware strains to get around blacklists. Studies indicate that the rate of new malware far outpaces traditional antivirus software.
Whitelisting, however, makes cybersecurity relatively easy—all you need to do is approve applications, addresses, etc. The rest are blocked.
Still on the fence? Consider this 2016 study, which found that a massive 95 percent of IT leaders working on security planned to implement whitelisting solutions, even despite the occasional false-positive.
Research shows that 53 percent of employees are more productive when using their phones at work. However, despite increased productivity and convenience, multiple devices on an unsecure network open businesses up to negligent (or accidental) insider attacks. Not to mention more opportunities for distractions; a survey revealed employees watch over an hour of non-work-related videos a day, on average.
Whitelisting allows companies to tailor-make BYOD policies on their own terms. Thanks to whitelisting, businesses can ban unsecure and distracting sites that risk compromising company projects and cutting into profits. It makes sense, then, why one-quarter of businesses are using some type of whitelisting and 50 percent take whitelisting seriously, according to a Gartner survey.
Integration With Other Software
When it comes to improving your cybersecurity defenses, diversity is key. That means having a full portfolio of anti-ransomware, anti-malware, and antivirus software, in combination with annual penetration testing (looking for vulnerabilities in your network). Whitelisting fits well into this approach. It runs great alongside antivirus blacklisting software, serving as one more tool in your cyber arsenal.
Should Your Company Implement Whitelisting?
For most, whitelisting is overwhelmingly beneficial and a sensible approach to information security; it boosts defenses, reduces cyber threats, and can improve the bottom line.
How You Can Get Started
Convinced, but just not sure how to set up a whitelist? Here are some tips:
For Email Whitelists
- Build an email whitelist by adding approved email addresses to your contact list
- For better email cyber defenses, pair email analysis with activity and network monitoring, along with routine cybersecurity training
- Update whitelists regularly to minimize vulnerability
For Application Whitelists
- Take advantage of the application whitelisting capabilities already built into your system
- Follow the National Institute of Standards and Technology’s advice: whitelist in phases to spot pitfalls and bring in new technology
- Consider hiring IT professionals to manage and update application whitelists, as these can be more challenging than email whitelists
For IP Whitelists
- Make sure the IP address is static before whitelisting
- Consider using a .htaccess file for maximum whitelisting control
- Shortcut whitelisting your login page with plugins
For every type of whitelisting, you can streamline the approval process if you choose to only give the administrator approval power. However, it might be a good idea, time- and productivity-wise, to consider assigning some end-users more approval.
Ultimately, the decision to use whitelists in your business is up to you—and depends on your business’ goals and needs. Not all whitelisting solutions are made the same. Some will have an operational learning curve and others may need more hands-on attention from dedicated staff. However, the payoffs are worth it: SMBs and large corporations with whitelists face less risk of cyber attacks and the reputational and financial losses that come with it. That’s a win.
This post was written by Elizabeth Mack. Elizabeth is a Southern California-based freelance writer specializing in career and technology—specifically cybersecurity and SaaS. She’s obsessed with Thai food, loves coffee, and enjoys new perspectives.
Since you’re here…
Breaking into cybersecurity doesn’t take a Trojan Horse. Our Cybersecurity Bootcamp lasts just six months, and we’re the only program promising a job after graduation. Since there’s an urgent need in this field, we’re beaming out tons of freebies to entice you. Try our free cybersecurity learning path and this free course on cybersecurity certifications. Join in—there are plenty of jobs to go around!