Security experts pay scant attention to privacy issues

Security experts must lead by example if they don't want colleagues inadvertently divulging personal or company data.

Research by security firm Symantec shows that security staff do not practice what they preach when it comes to ensuring company and personal details are kept private.

Just nine per cent of UK security staff read licensing agreements before they install software, and only 36 per cent encrypt sensitive emails.

'People's privacy enhancing behaviour is not always aligned with their beliefs,' said Sarah Gordon, senior research fellow at Symantec.

'I challenge people to examine their role in the organisation to see if their behaviour matches. If you're a security leader, you should be a leader in the right thing,' she said.

Gordon says that security experts need to ensure they are paying attention to privacy issues and taking basic actions such as deleting unnecessary cookies, ensuring browser policies are understood, reading all licensing agreements and encrypting data and email.

The survey found that almost half (48 per cent )of security staff in the UK delete unnecessary cookies, and 81 per cent do not read privacy policies on web sites.

'People don't seem to see that the disclosure control about themselves is important,' Gordon said. 'And this is the same in the US, the UK and the EU.'

'Companies need to develop processes that are synergistic with their core business needs,' she said. 'You must make sure that employees are educated to the ramifications.'

Education will prove the most effective way to get staff operating in a more privacy-conscious manner, according to Gordon.

Gordon says there are basic steps that all businesses should be adhering to, to ensure their infrastructure and privacy is as secure as possible.

• Use anti-virus software that will automatically update itself.
• Use a firewall that works in synergy with the business needs.
• Consider intrusion detection software, but take a holistic and integrated approach.
• Make sure there are policies covering all elements of security and privacy, and ensure people know who to go to if they have a problem.
• Ensure patch management is up-to-date.