ITPRO

Printed from www.itpro.co.uk

Register to receive our regular email newsletter at http://www.itpro.co.uk/registration.

The newsletter contains links to our latest IT news, product reviews, features and how-to guides, plus special offers and competitions.

Skip to navigation

    User inexperience threatens network security

A security consultancy is warning corporates to ignore access controls and training at their peril as they loosen their grip on the network.

By Miya Knights, 14 Apr 2008 at 12:21

A security consultancy is today warning that inexperienced users pose a serious threat to corporate networks.

While organisations are giving users greater freedom on the corporate network, they are neglecting to ensure the necessary security training is in place to maintain system integrity, according to specialist UK information security consultancy dns.

The firm pointed to a government survey into the reasons behind information security breaches conducted by PriceWaterhouseCoopers for the Department of Business, Enterprise and Regulatory Reform (BERR) to back up its warnings.

The BERR research found that while seven out of eight firms had information security policies in place, they are slowly loosening their grip on securing user network access.

Over half (54 per cent) of companies allowed staff to access systems remotely, presenting a greater opportunity for them to miss out on training around basic computing practices and security policy, potentially leaving the back door open to cyber criminals, dns said.

The firm added that in an effort to take active interest in securing the network, many orgainsations have tried to introduce behavioural change programmes as a way of re-educating users.

But, with ineffective security policies at the heart of the problem, it said companies must take a more definitive approach to managing their networks and user behaviour.

Natasja Bolton, dns head of assurance services, said staff training on best practice computing and enforcing an active security policy is essential in preventing increasingly sophisticated threats from disrupting the network.

She said: "Responsibility rests with each organisation to implement their own security policy and ensure that they are fully protected. But, while it is commendable that many companies have taken steps to protect themselves, they can't hope to keep mitigating threats if users are not taking basic precautions when accessing the network remotely."

Bolton warned that increasing pressure on the IT team to expand network accessibility must be offset by an increased focus on staff training to ensure a lack of basic understanding of current threats does not lead to compromising the network due to user error.

She advised companies to look at outsourcing complex infosec work to free up the in-house IT team to deliver adequate staff training. "Users don't need in-depth knowledge of penetration testing or web application security; all they need to know is how to log on and surf safely," Bolton added.

"Managing this process 24 hours a day will leave companies in a better position to identify vulnerabilities and train staff to stick to acceptable user guidelines," she said. "This strategy can help firms reclaim control of user activity and help to enforce active security policies."

Email to a friend

Print this page

Social Bookmark this article: What is this?

Be the first to comment on this article

You need to Login or Register to comment.

advertisement
advertisement

    Latest News Videos in Security

Video: Mobile security threats and Mac complacency

Play Video: Mobile security threats and Mac complacency   Play

Part two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.

 

    White papers

Want more background on today's hottest IT trends?

Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.

    Register for IT PRO

You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.

Advertisement