Home : Internet : News

Workers the weak link in public IT security

Public sector IT managers are doing their best, but employees ignore security policies, according to new research.

By Nicole Kobie, 7 Dec 2007 at 16:28

Employees are the weakest link when it comes to data security in the public sector, according to research from IT vendor SafeBoot.

The results of the survey will be no surprise to HM Revenue and Customs (HMRC), which had a massive data breach after two discs containing records of 25 million people were lost.

According to the survey of 1,000 employees across multiple sectors, 88 per cent of government organisations have a security policy in place, with two-thirds banning external memory devices to try to prevent security breaches.

Public sector bodies are more likely than those in the private sector to communicate such policies, with half using proactive methods like focus groups, compared to 19 per cent using such methods in the private sector.

But despite this, four out of five people are still ignoring such security policies. Nearly nine out of 10 open unknown emails, three-quarters connect banned external devices to the network, seven out of ten download unsafe web content and close to six people in ten use unencrypted mobile devices - even though all of the above are against many security policies.

Tom de Jongh, product manager at SafeBoot, said: "The public sector receives a bad press for its IT security with numerous high profile data leakage cases, such as HMRC."

Indeed, according to initial reports, HMRC had security policies in place, which were ignored when the records were burned to disc in order to be mailed.

The survey showed that the number one reason employees ignore security policies is ignorance. "This is clearly not the IT department's fault - they are faring well compared to other sectors, but their employees are letting the side down," de Jongh added. "Despite good communication methods, the severity of security and data leakage is not getting through and IT managers are feeling the strain. More education needs to be done."

In the wake of the HMRC data breach, security experts from around the UK said technology should be used, not just policies, to ensure data is safe.

The majority of IT managers in SafeBoot's survey agreed, advising against moving data without encrypting it. "Employees need to show a little more respect and common sense, and businesses need to mitigate the risk by deploying proactive security measures such as data encryption," said de Jongh. This would give workers no choice but to be secure."

The survey also found that public bodies spend less than 10 per cent of their IT budget on security.

Email to a friend

Print this page

Social Bookmark this article: What is this?

Be the first to comment on this article

You need to Login or Register to comment.

Latest Internet Features

IT around the world: Russia

In the first of an on-going series examining IT markets around the globe, we look at whether investing in Russia is worth the risk – and how to go about it the right way.

More Internet Features

Latest Internet Reviews

EXCLUSIVE - Astaro Web Gateway AWG3000

Rating:

Web content filtering is important for many businesses and Astaro's Web Gateway AWG3000 appliance is a sophisticated solution.

More Internet Reviews

Latest News Videos in Internet

Video: Q&A with Easynet Connect's Chris Stening

Play

IT PRO spoke to Chris Stening, managing director of Easynet’s SME division, about whether ISPs are giving businesses the service they deserve.

Blogs

IT PRO RSS feed finally back!

Want more background on today's hottest IT trends?

Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.

Register for IT PRO

You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.