Beyond the Firewall: Protecting Your Business from Social Engineering
Posted on 21 November 2025 by Beaming SupportSocial engineering is a topic no business can afford to neglect. While we often rely heavily on security hardware such as firewalls and web filtering appliances, these are great tools, but you can’t rely on them alone.
The greatest vulnerability – people
The sophisticated techniques employed by attackers are often smart enough to deceive machines, but they ultimately rely on a human action to succeed. When it comes to tackling these threats, common sense alone is not enough.
This is why organisations that value a secure environment are increasingly investing in cyber security training for their staff. This can range from one-day security courses to the increasingly popular online training platforms. Security training is not expensive, and in this day and age, it really should be a standard component of your employee plan.
Securing Your Website Access
Malicious content, from embedded advertisements to links containing nested malware, is rife on the internet. We can break down website security into two common scenarios: protecting your internal users when they browse websites, and protecting your hosted websites from external attack.
Scenario 1: Protecting your employees browsing the web
This scenario focuses on your regular employees and how to protect them while they are browsing various websites at work. Modern next-generation firewalls, such as the Sophos XGS, are key to comprehensive protection.
The Sophos XGS offers powerful features to manage and secure your user traffic:
Granular Web Policies: Policies can be created based on multiple criteria, including user application categories, web categories, dynamic categories, and file categories. Access can then be blocked or allowed based on these definitions.
Deep Inspection: To make security more granular, you can enable SSL inspection. This allows the firewall to see what is actually inside the URL or webpage being accessed, rather than just the destination. File inspection can be added for further scrutiny. Note: All of these features are dependent on having the necessary licences in place.
Firewall Rule Integration: Once a web policy is created, it is integrated within a firewall rule. This ensures that users can only access allowed websites via specific, secure ports, such as HTTPS.
Layered Filtering: Within the web policy, you can implement multiple layers of security:
- Block malicious specific websites (Blacklist).
- Allow trusted and safe sites (Whitelist).
- Block high-risk web categories (e.g., adult content).
- Allow most-used and trusted categories (e.g., Information Technology).
- Set warnings for trusted but potentially harmful categories (e.g., Online Shopping).
- Allow and set warnings for specific file extensions.
Proxy Functionality: By importing the XGS certificate onto a user’s PC, the firewall acts as a proxy, enabling full SSL inspection. This allows the XGS to inspect the full content of the webpage and stop the connection immediately if malicious code is detected.
Malware Inspection: This capability is crucial for scanning content being downloaded from webpages, preventing malicious files from ever reaching the host computer.
With this setup, you can ensure users access webpages only through secure ports. Sophos engines categorise web pages appropriately, and any deviation triggers the SSL inspection to halt the process. Furthermore, if a malicious file is detected during a download attempt, malware inspection will trigger the block.
Scenario 2: Securing Your Hosted Websites
When you are the host, and outside users are accessing your website, the focus shifts to protecting your server infrastructure.
Sophos XGS offers a server protection feature with the appropriate subscription. However, there are other essential methods to enhance security for a hosted website:
Active ATP and IPS: Employing Advanced Threat Protection (ATP) and Intrusion Prevention System (IPS) to monitor and block active threats.
Port Forwarding: Only forward the minimum necessary ports to your server.
Firewall Rules: Create specific firewall rules to isolate only the required ports. These rules can be configured to accept connections from specific public IP sources or be more widely applied.
GEO-IP Filtering: Block connection attempts from entire countries or geographic regions that are known sources of malicious traffic.
While there are many vendors, appliances, and security combinations available on the market, the most critical decision is investing wisely in both your security hardware and, perhaps more importantly, your staff’s security training. A comprehensive strategy is the only effective defence.
Can you identify key trends and areas of vulnerability for your business?
Every quarter Beaming release a cyber threat report that shows the current level of attack that business systems are under, where attacks come from, and which applications are most targeted. You can be the first to receive this report direct to your inbox by signing up here