Add to del.icio.us     Digg this

March 8, 2007

Internet security experts say that small and even medium-size businesses leave themselves vulnerable to unnecessary and easily avoidable IT security risks, simply because of poor human resources practices. On average, only about 32 percent of companies surveyed have some form of IT security awareness, according to a survey conducted by McAfee. The study was performed on over 1,000 companies all over Europe.

McAfee's research indicates that overall, Britain leads the induction drive, and that U.K. businesses are the most likely to hold induction sessions for all their employees.

But more than 30 percent of businesses in France and Italy don't have inductions for all their employees.

About 70 percent of respondents believe that employers are more sensitive to the risks associated with new employees than they were in 2004.

But only about 39 percent of companies surveyed do have a form of specific guidelines for employees on email content or language, 28 percent for the use of portable storage devices and 23 percent for portable computer use.

For the majority of cases surveyed where security issues were raised, most businesses feel that the end user is more guilty than the employer, highlighting serious implications for employee and employer liabilities.

As an example, 55 percent of respondents felt that an employee should be held responsible for a personal email that spreads a virus on the company network. Similarly, a stolen laptop is also seen as the responsibility of the employee by 67 percent of respondents.

McAfee's research warns that current approaches may be misguided in terms of culpability for security breaches. Although employee actions may result in security problems, the employer is often ultimately responsible for the processes and conditions that surround Internet security incidents.

"While many businesses make a priority of employee awareness, many are failing effectively to cover a major part of any employees working life: their PC and Internet usage policies," said Greg Day, security analyst at McAfee.

Businesses are failing to capture the opportunity presented by new starters to instil a sense of vigilance and security awareness into the workforce.

"This critical oversight, coupled with a clear lack of enforcement seriously increase the risk of new employees consciously or inadvertently breaching corporate security protocols," added Day.

Typically, inductions are shortest in Germany where 36 percent of businesses complete full HR inductions in fewer than three hours.

Meanwhile, inductions in Spain are most likely to take more than two days, while U.K. and French businesses strike a balance at half a day.

"Overall, the induction process provides an ideal opportunity to engender a vigilant response to information security for end users," said Billy Hamilton Stent, a director at consultancy LoudHouse Research.

"It's not a case of issuing a list of do's and don'ts, but rather a process of establishing trust, security and clear working procedures that will lower employer and employee risk. It is unfortunate that only a minority of businesses see it this way," said Stent.

Add to del.icio.us     Digg this

Source: Vnunet

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.