Know The Enemy Within
by Harnish Patel - SurfControl - Monday, 9 July 2007.
Have you ever wondered about exactly how much of a threat your users are to your organization? Well, wonder no more, as an in depth study by Queens University, Belfast and SurfControl of threats in the workplace has highlighted exactly what they are as well as users’ attitudes to those threats, and what's behind them.

The fact is that we all know the kind of activities that users get up to if they are not closely monitored and controlled, but the scale of it and the threat that it represents may be seriously underestimated.

So what are the main threats identified by the survey, and what can you do to mitigate them? Lets take a closer look at the top 5 security issues highlighted, and at effective measures to counter them.

Many love a good email forward, and in many organizations, Outlook is the new office water cooler, the virtual meeting place to share the latest scandal. The survey results confirm that our national pastime continues unabated in the workplace, with 40% of users admitting to emailing office gossip, and 66% sending confidential information via email, putting the UK at the top of the league for inappropriate use of email.

The very real danger that this brings – be it intentionally or unintentionally - is that email can fall into the wrong hands. Email is generally not secure and can be intercepted, or, as has been illustrated by many very public examples an email can be forwarded in vast numbers to an uncontrolled audience in a very short period of time.

We’ve all heard of cases where gossip-related emails which were initially intended for a single recipient have fast spread throughout - and far beyond – the workplace, spreading virally and becoming truly global. Imagine the potential business implications if the same outbreak occurred with sensitive business-related information that 66% of people are busily emailing around.

Given the immediate nature of business communications, organizations need to put in place tools and policies to mitigate email risk. Email filters are the simplest and most effective means of achieving this, monitoring traffic for sensitive and inappropriate content, and preventing it from leaving the company network. This provides clear, granular control over network security to meet regulatory compliance and ensures that email policy is adhered to and enforced across the organization.

Another major headache for businesses is the issue of employees downloading pornographic material onto their work PC or laptop - a business minefield which brings serious legal, HR and IT security implications. The security survey revealed that 11% of employees use their company laptop to download and access pornography.

Not only do organizations have a legal obligation to protect staff against offensive material such as pornography, the websites used to download porn are also notorious for introducing malware onto the user’s computer and network – Trojans, key loggers and spyware capable of collecting sensitive individual and company data.

To protect against this, organizations need to have in place a comprehensive Web filtering solution to monitor network use and prevent access to unsuitable sites and malicious URLs. This gives the organization greater visibility of network usage, reduces risk, ensures regulatory compliance and helps to guarantee ongoing business continuity.

USBs: a data MP3 for all

With the rise in the use of USB devices such as MP3 players, memory sticks and digital cameras comes another threat – that of pod slurping. A staggering 75% of employees questioned in the survey use USB devices on their company PC or laptop - portable media storage devices which can be used to take confidential company information and business data off the network.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th