Why your NFP should consider geoblocking tools for cybersecurity

Geoblocking all but Australia

Geoblocking tools have been around for a while, but I just realised their real power not too long ago.

It was Christmas Day 2023. For some reason, I decided to log in to my website management console to see the traffic.

Given that I don’t sell anything on my website, I wasn’t expecting to see much.

Instead, I saw that my geoblocking tool blocked over 600 website hits from just three countries: Russia, China and North Korea.

What? Why would people from these countries visit my website on Christmas Day?

The answer: They were scanning websites for those with monetary or political value and security weaknesses.

While my website is purely informational, many Not for Profits are more vulnerable because their websites are tied to their CRMs and often allow for credit card transactions.

It’s for this reason (and others) that your Not for Profit should be using geoblocking tools.

 

What are geoblocking tools?

Geoblocking tools are basically software that limits who can access your website, network or systems based on their geographic location.

They use the user’s IP address to identify their location, much like the way that some websites know to show you prices in Australian dollars or that you might be interested in the weather in your hometown.

 

What are the benefits of geoblocking tools?

The main purpose of geoblocking tools is to reduce cybersecurity risks. It’s a lot easier to completely block someone from accessing a website or system than to control what they do while using it.

From a marketing perspective, you can also use geoblocking to tailor content based on a user’s location. You’ll notice this with Netflix and Amazon using these tools to limit visible content and product options between their Australian and US divisions.

 

What are some examples of geoblocking tools?

There are two tools that I often recommend for geoblocking:

Microsoft

Assuming that your organisation is already using the Business Premium or higher license (please say yes for cybersecurity reasons!), Conditional Access policies can be set up so that Microsoft accounts can only be accessed from certain countries, like Australia and New Zealand.

Exceptions can be made when someone travels overseas, with the condition reinstated upon return.

Speak with your internal IT team or Managed Service Provider to ensure this Conditional Access policy has been added.
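The decision logic behind a country allow-list with a temporary travel exception, shown as an added sketch (it is not Microsoft's or any vendor's implementation). The IP-to-country table, user names, dates and the `country_for` and `decide` functions are constructed for illustration; real tools rely on a maintained GeoIP database.

```python
import ipaddress
from datetime import date

# Constructed IP-to-country table using documentation-only ranges (RFC 5737).
# Real tools use a vendor-maintained GeoIP database instead.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AU"),
    (ipaddress.ip_network("198.51.100.0/24"), "NZ"),
    (ipaddress.ip_network("203.0.113.0/24"), "SG"),
]
ALLOWED_COUNTRIES = {"AU", "NZ"}

# Hypothetical travel exceptions: user -> (country, first day, last day).
TRAVEL_EXCEPTIONS = {
    "alice@example.org": ("SG", date(2024, 3, 1), date(2024, 3, 14)),
}


def country_for(ip):
    """Return the country code for an IP, or None if it cannot be placed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for network, country in GEO_TABLE:
        if addr in network:
            return country
    return None


def decide(user, ip, today):
    """Return (allowed, reason) for a sign-in attempt."""
    country = country_for(ip)
    if country is None:
        # Fail closed: an address that cannot be located is blocked.
        return False, "unknown location"
    if country in ALLOWED_COUNTRIES:
        return True, f"{country} is on the allow-list"
    exception = TRAVEL_EXCEPTIONS.get(user)
    if exception:
        exc_country, start, end = exception
        # The exception covers one country and lapses on its own after the trip.
        if country == exc_country and start <= today <= end:
            return True, f"travel exception for {country}"
    return False, f"{country} is not on the allow-list"


if __name__ == "__main__":
    print(decide("alice@example.org", "203.0.113.7", date(2024, 3, 5)))
```

Giving the exception an end date means the block comes back automatically, rather than relying on someone remembering to reinstate it.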

Cloudflare

Cloudflare provides geoblocking (and more) for websites, and its basic plan is sufficient for most small Not for Profits.

Those with online checkouts should consider the Business license, and some charities may be eligible to get this for free through Cloudflare's Impact program.

Chat with your website service provider to consider this tool. They might even have a discounted agreement with Cloudflare or a similar vendor.

 

Can these tools fail?

Geoblocking tools are not foolproof. The same Virtual Private Networks (VPNs) that I recommend for protecting your systems while using public WiFi can also be exploited to hide a user’s true location.

This is why you might find an unusual amount of website traffic coming from countries like the US or Singapore.

Regardless, there are enough hackers who don’t bother to hide their location, which is why geoblocking is still really effective.

 

Final Thoughts

Geoblocking tools are a simple and often affordable way to reduce the cybersecurity risks to your website, systems, and network.

As such, Not for Profits should talk to their various IT and website providers about implementing them.

 

I regularly help Not for Profits mitigate cybersecurity risks. Let me know if you need some help.


Tammy Ven Dange is a former charity CEO, Association President, Not for Profit Board Member and IT Executive. Today, she helps NFPs with strategic IT decisions, especially around investments.

 

 
