Industry at risk from poor IT security communication.

SafeBoot : 07 December, 2007  (Technical Article)
A SafeBoot survey concludes that a lack of IT security investment and poor communication with employees remain high risk factors for private sector businesses, whose employees have low awareness of security policy.
Despite the recent spate of security breaches, IT security is still not being taken seriously, according to research carried out by SafeBoot, a leading vendor of enterprise-class security software for the protection of mobile data that resides on mobile and portable devices and computers. Nearly two thirds of companies surveyed by SafeBoot (1,000 mid to large sized enterprises) admitted to spending less than 10 per cent of their IT budgets on security and a fifth stated that they do not have a security policy in place. 54 per cent of respondents also stated that the majority of employees ignore company security policies.

"Businesses really need to start asking themselves where the real IT security threats lie. All too often the risk associated with loss of data is overlooked, and this survey has really brought this home," commented Tom de Jongh, product manager at SafeBoot.

The survey highlighted employees as being one of the biggest threats to security. When questioned, IT managers felt there were a number of things employees do that put data at risk. Of those potential security threats, the survey found that opening unknown emails (72 per cent), downloading questionable content (58 per cent) and connecting external devices to the network (46 per cent) were felt to be the most serious. Unencrypted USBs and transporting data on mobile devices were felt to be of least concern. This disregards the increasing quantity of data breaches occurring outside the network.

SafeBoot's survey found that of those companies with security policies, 98 per cent of IT managers relied on passive methods of communicating policies to their employees, such as memos (34 per cent), emails (29 per cent) or internal newsletters (18 per cent). In effect, IT security adherence is being based on the hope that employees read the document sent to them, which is not the case.

When put to the test, 54 per cent of respondents felt that the majority of employees ignore security due to a lack of understanding and not taking it seriously, which suggests that more time needs to be taken to explain security policies more fully or face the risk of sensitive corporate data being lost. More emphasis must be placed on ensuring that employees know how to adhere to security policies and it is up to senior managers to make sure this happens.

De Jongh continued: "The survey results have shown a serious disjoin in thinking and communication. Human ignorance is still playing a huge role in placing data at risk and little is being done to rectify the situation. In today's business environment, information is power and the price placed on corporate data is immeasurable. It's not just a question of where the risk is, but who should take responsibility. C-level managers need to realise this and develop strategies and communications methods to mitigate the risks and keep their company data secure. Companies must take more proactive measures to educate their employees to understand the implications of security and the consequences if safety is breached or compromised. Businesses need to show a little more common sense."

"The likelihood of someone leaving 60MB of sensitive information on an unencrypted USB stick on the tube is a serious consideration and a risk that needs to be given a higher priority. In reality, it is prudent to make sure that sensitive information is encrypted at all times - put proactive measures in place to protect corporate assets for when employees undoubtedly slip up. If the inevitable happens and a worker mislays their laptop/PDA, then at least the data on it will be unusable. Such common sense thinking can go a long way, and will hopefully help IT managers sleep easier," de Jongh continued.