User inexperience threatens network security

gallery

A security consultancy is today warning that inexperienced users pose a serious threat to corporate networks.

While organisations are giving users greater freedom on the corporate network, they are neglecting to ensure the necessary security training is in place to maintain system integrity, according to specialist UK information security consultancy dns.

The firm pointed to a government survey into the reasons behind information security breaches conducted by PriceWaterhouseCoopers for the Department of Business, Enterprise and Regulatory Reform (BERR) to back up its warnings.

The BERR research found that while seven out of eight firms had information security policies in place, they are slowly loosening their grip on securing user network access.

Over half (54 per cent) of companies allowed staff to access systems remotely, presenting a greater opportunity for them to miss out on training around basic computing practices and security policy, potentially leaving the back door open to cyber criminals, dns said.

The firm added that in an effort to take active interest in securing the network, many orgainsations have tried to introduce behavioural change programmes as a way of re-educating users.

But, with ineffective security policies at the heart of the problem, it said companies must take a more definitive approach to managing their networks and user behaviour.

Natasja Bolton, dns head of assurance services, said staff training on best practice computing and enforcing an active security policy is essential in preventing increasingly sophisticated threats from disrupting the network.

She said: "Responsibility rests with each organisation to implement their own security policy and ensure that they are fully protected. But, while it is commendable that many companies have taken steps to protect themselves, they can't hope to keep mitigating threats if users are not taking basic precautions when accessing the network remotely."

Bolton warned that increasing pressure on the IT team to expand network accessibility must be offset by an increased focus on staff training to ensure a lack of basic understanding of current threats does not lead to compromising the network due to user error.

She advised companies to look at outsourcing complex infosec work to free up the in-house IT team to deliver adequate staff training. "Users don't need in-depth knowledge of penetration testing or web application security; all they need to know is how to log on and surf safely," Bolton added.

"Managing this process 24 hours a day will leave companies in a better position to identify vulnerabilities and train staff to stick to acceptable user guidelines," she said. "This strategy can help firms reclaim control of user activity and help to enforce active security policies."

Email to a friend

Print this page