Biggest security headache just won't go away...

According to a recent poll, employees represent the biggest single threat to any company. And while temps have often come in for stick because of the threat more nomadic staff can pose, especially the sales team, with their eye on business critical data, that really needs to be watched - if only for their own sake. With a combined 33.3% Employee caused issues were the biggest threat feared and this was broken down into Employee error (17.2%)and Malicious Employee behaviour (13.1%) - meaning almost a third of respondents fear the activity, whether intentional or not, of their staff.

Spyware was next up, cited by 27.8 per cent of respondents, with viruses being cited by 20.5 per cent, followed by phishing (11.3 per cent) and hacking (10.5 per cent). Separate research from Unisys reveals that 51 per cent of security managers believe negligent or malicious employees are a significant threat to their business.

Mark Thomas, head of security at Logicalis, said: "One of the biggest problems is that everybody comes into a company on day one, signs the email and internet usage policy and that's the last they think about it."

Many companies have made a rod for their own backs by turning a blind eye to many behaviours which are technically in breach of the rules, he added. And he believes the problem is out of control, with a raft of consumer gadgets and portable storage devices travelling in and out of organisations each day and staff making free with email, IM and their internet access and storing illegal copyrighted files on the network. "If you walked out of your office four years ago with a 40Gb hard drive under your arm you would be arrested but that's exactly what people are doing every day." The problem, especially where companies losing track of their data is concerned, isn't helped by the form factor of increasingly scaled down storage devices. "The mediums are almost impossible to control and they will continue to grow in numbers. So companies have to secure their data."

The far and wide distribution of data outside the organisation also creates problems, said Gary Clark, VP EMEA at encryption specialist SafeNet. The more well-travelled data becomes, on phones, laptops, handhelds, over networks, site to site and on portable storage devices, the greater the chance it will be lost or stolen along the way. But before implementing any measures which will change and limit the way employees can interact with data within the organisation, companies need to make sure staff know why they are doing it, said Logicalis' Thomas. "They need to say, we're not doing this because we're being Big Brother. They need to convey the message as to why security is important and they need to get people to buy in to this."

Thomas added that companies could do worse than start with their sales team. Often the sales team will include the biggest gadget fans who act as their own administrator, he said. They are also frequently the ones with most direct access to business critical data which can be compromised either accidentally or maliciously. "It's the sales guys you need to watch, you need to know if they're emailing all your sales lists to their Hotmail accounts."


If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna or Russell at the Continuity Forum directly on <b>020 8993 1599</b> or <a href="mailto:[email protected]">[email protected]</a>