Internet security risks ‘can come from workers’

With the festive season fast approaching, more small businesses could find themselves being complacent with security measures.

A report published this month by the ISACA found that a large percentage of workers planned to do their Christmas shopping online.

While employers may want to ensure that they do not appear Scrooge-like, it could be the time to put in place workplace policies to prevent staff from taking unnecessary security risks online.

Combined with higher security measures, employers may also have to combat casual attitudes towards data use.

The growth in mobile devices and a more flexible work-life balance means that employees can often put at risk sensitive company data by accessing work intranets through unsecured connections.

Staff are also taking work home with them on a range of portable devices, while utilising online services to send potentially valuable business data.

A separate study by Imperva found that one in three cases of data theft are carried out using USB sticks.

In addition, one in four workers will use their laptop – often a company one – to take out sensitive data from the workplace.

The majority of cases of 'data theft' will be innocent, with employees unintentionally violating rules because they are unsure of official company policy.

It could be important to distinguish between those employees that have malicious intentions and those that are simply uninformed about official workplace rules on internet and data use.

The most recent Cisco Connected World Report has found that just under half (41 per cent) of workers do have the express intention of breaking IT rules.

These workers are often aware of their employers' laxity on the issue – with two-thirds of workers believing that their company needs to brush up its policies.

However, almost a quarter (24 per cent) do not even know that their company has put rules in place.

While many workplaces have cracked down on casual surfing and social networking, they may be less confident in dealing with the security risks presented by different devices.

It could be worth trying to improve levels of security on your broadband connection ahead of Christmas.

Rather than taking time off to rush to do their gift shopping, more workers will simply try to get the bulk of it done at work.

Employers could put themselves at serious risk of cyber attacks, which makes investing in security measures early on an economical decision in the long run.

An American report on small businesses found that more than four-fifths (85 per cent) believed that they faced little risk of a cyber attack.

Around 50 per cent of these did not think it was worth investing in upgraded security.

This is despite high-profile cases including what has been dubbed the Zeus botnet, which saw a Ukrainian gang take around $70 million (£44 million) from US firms, according to IT security firm McAfee.

This level of complacency could also be affecting the UK's small businesses, despite the increase in wireless devices and flexible working hours.

Improving existing levels of security, embedding security into hardware, and training workers about inappropriate use could be the best way to protect against cyber attacks in the future.


 

Share with others...