UK SMEs drastically underestimate IT security danger posed by their own employees

External threats remain the focus of attention for over three quarters of SMEs, according to new research undertaken this year by GFI Software, with over half of SMEs not being in a position to track if employees are copying, distributing or deleting sensitive information.
Research highlights:

Despite the higher rates of redundancies and staff dissatisfaction that has been proven to increase employee-led information theft, only 22% of respondents believe that of all the security threats, internal ones are of more cause for concern. Indeed, as many as 50% were ‘not that concerned’ about the threat of data theft by leaving employees.

This indifference towards the danger of deliberate data leakage is reflected by only 45% having security applications in place to automatically screen or prevent network access via portable USB drives and even fewer (35%) screen network access via PDAs – making it far too easy for employees to edit, copy, delete or distribute sensitive data.

Data appears further at risk from dissatisfied or careless staff as 60% of organisations have either no policy at all to regulate access to the network by portable devices or only informal guidelines.

Furthermore, 21% of respondents have absolutely no ability to track where business-critical data is being stored at any one point in time, 33% cannot track what portable devices have been connected to the network and 41% have no visibility of what data has been downloaded to these devices, making tracing the data leakage back to the source almost impossible.

Also 45% of respondents believe that as a result of a prolonged recession, the type of threats will change as cybercriminals become more creative, sophisticated and malicious.

Email and security software provider, GFI Software, today announces the results of The GFI Software SME Security Report, a survey conducted in February 2009 across IT decision-makers in UK SMEs.

The research, undertaken by Redshift Research on behalf of GFI, has shown that whilst the basics of IT security have been implemented widely (96% have installed anti-virus, 85% possess anti-spam measures and 92% assign user passwords), only a worryingly low 45% of respondents have any form of portable storage device network access management measures in place.

Walter Scott, CEO of GFI Software, comments, “Too much emphasis has historically been placed upon the need for anti-virus and anti-spam applications – external threats – and this has led to the common belief that with these, your network is secure enough. A secure network depends on many other factors and, unfortunately, the internal threat is far too often being ignored. There is a pervasive indifference towards monitoring the whereabouts of data and its ability to accessed or copied.”

Scott continues, “Endpoint security is absolutely critical even in the best financial times, but with the economy prompting more and more redundancies, there are more disgruntled employees who pose a potential risk to an organisation’s data. Network administrators must pay more attention to access rights holders’ ability to copy, edit, delete or distribute data – this need is long overdue and is only more essential in current times.”

While financial, contact, R&D and contract information is typically held on the network, 21% of respondents are unable to track where on the network any of this data is available from. This business-critical data is further at risk as written security policies to govern the use of mobile storage devices are held by only 40% of UK SMEs and of these, employees in only 25% of organisations are required to sign them to confirm adherence.

Scott concludes, “Security risks should not be their only concern. We must not forget the cost in terms of loss of productivity. Many companies do not realise how much time is lost when employees are connecting personal devices to the network, browsing the internet for non work-related material, checking their email, downloading files, and so on. If companies were to have the tools to help them understand the economics and financial costs of unmonitored internet and portable device use, I am certain that they would look at security and data in a totally different way.”

For a copy of the survey results visit: http://www.gfi.com/documents/articles/SME_UK_survey_results.pdf

GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.

Source: itpr
<>