User inexperience threatens network security
By Miya Knights
A security consultancy is today warning that inexperienced users pose a serious threat to corporate networks.
While organisations are giving users greater freedom on the corporate network, they are neglecting to ensure the necessary security training is in place to maintain system integrity, according to specialist UK information security consultancy dns.
The firm pointed to a government survey into the reasons behind information security breaches conducted by PriceWaterhouseCoopers for the Department of Business, Enterprise and Regulatory Reform (BERR) to back up its warnings.
The BERR research found that while seven out of eight firms had information security policies in place, they are slowly loosening their grip on securing user network access.
Over half (54 per cent) of companies allowed staff to access systems remotely, presenting a greater opportunity for them to miss out on training around basic computing practices and security policy, potentially leaving the back door open to cyber criminals, dns said.
The firm added that, in an effort to take an active interest in securing the network, many organisations have tried to introduce behavioural change programmes as a way of re-educating users.
But, with ineffective security policies at the heart of the problem, it said companies must take a more definitive approach to managing their networks and user behaviour.
Natasja Bolton, dns head of assurance services, said training staff in best-practice computing and enforcing an active security policy are essential in preventing increasingly sophisticated threats from disrupting the network.
She said: "Responsibility rests with each organisation to implement their own security policy and ensure that they are fully protected. But, while it is commendable that many companies have taken steps to protect themselves, they can't hope to keep mitigating threats if users are not taking basic precautions when accessing the network remotely."
Bolton warned that increasing pressure on the IT team to expand network accessibility must be offset by an increased focus on staff training to ensure a lack of basic understanding of current threats does not lead to compromising the network due to user error.
She advised companies to look at outsourcing complex infosec work to free up the in-house IT team to deliver adequate staff training. "Users don't need in-depth knowledge of penetration testing or web application security; all they need to know is how to log on and surf safely," Bolton added.
"Managing this process 24 hours a day will leave companies in a better position to identify vulnerabilities and train staff to stick to acceptable user guidelines," she said. "This strategy can help firms reclaim control of user activity and help to enforce active security policies."