Employees pass buck on security

Most UK employees are unwilling to take any responsibility for securing their work computers, a recent survey has found. If this situation continues, computer attacks will increase rapidly this year, experts warned.

Nine out of 10 office staff feel they have no part to play in protecting their machines, according to a survey by Novell. They said the responsibility rested with their employer's IT department, Microsoft or the government.

Of 1,000 respondents, two-thirds admitted to having no knowledge of basic virus-prevention measures. More than half regularly forwarded spam to their colleagues, and 10 percent left their password on a Post-it note on their desk.

Novell said this showed firms must do more to train employees to protect corporate networks. It said internet and email usage policies and user-education programmes were a must. "Unless UK businesses start to take user education seriously, we are going to see the impact of cyber crime spiral in 2004," said Steve Brown, managing director of Novell UK.

Security experts have often called on companies to implement education programmes for users to promote good IT security practices and to support technical protection measures. The need for such training has been highlighted recently by the outbreak of the MyDoom worm, which relied on naive users opening attachments to infect machines.

The risks of poor security were also highlighted by the release last week of a patch for Microsoft Windows. The patch fixes a critical vulnerability that could otherwise allow hackers to break into a user's PC and take control of the machine, accessing or deleting data.