Security News > 2004 > November > Study: Lax laptop policies create security concerns

Study: Lax laptop policies create security concerns
2004-11-02 08:52

http://www.computerworld.com/securitytopics/security/story/0,10801,97094,00.html By John E. Dunn NOVEMBER 01, 2004 TECHWORLD.COM Company laptops are routinely used to download music and video, access porn, and do online shopping, a new Europe-wide survey has revealed. So big has the problem become that laptops returning to company networks after their travels are now one of the biggest security hazards faced by many companies. Despite this, 70% of companies questioned offered no written guidance to employees on the use of their machines, and only a quarter imposed technological restrictions. The survey of employees in 500 companies across the U.K., the Netherlands, Germany, France, and Italy on behalf of Websense Inc., uncovered the tendency of many employees to treat laptops as unofficial personal possessions. The crimes of the mobile workforce are various but include picking up spyware, downloading non-approved software, surfing porn sites, and generally treating the issue of security as a minor concern. Forty-six percent allowed people outside of work to use their machines. And board level employees were no better than workers at other levels of the organization, with 54% admitting any one of a number of hazardous activities such as downloading non-approved software. The U.K. scored at or near the top on most measures of risky behavior. "I don't know if it's a lack of awareness or that they [companies] are focused on security from within the network," said Mark Murtagh of Websense. "They are looking at the traditional threat of viruses but not doing a good job of protecting against the evolving threats." Part of the problem was widespread ignorance of the risks of laptop use -- the survey revealed that only 7% of those asked understood what spyware was -- coupled to a need to use more technology to lock down security, he said. Companies loaded antivirus software but did not yet see the other types of threat, such as data theft, as critical enough to warrant further investment. Solutions to the problem are harder to gauge. At an absolute minimum, companies should start asking employees to sign up to reasonable-use guidelines, while IT staff should treat any laptop connecting to the company network after returning from its travels as a major security risk. Longer term, it seems likely that software to lock down and secure laptops will become a standard feature. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/


News URL

http://www.computerworld.com/securitytopics/security/story/0,10801,97094,00.html