Bank staff warned of internet perils
Employees pose the greatest risk, security specialist tells conference
UBS Investment Bank has launched an awareness campaign to educate staff about the security pitfalls of improper use of the internet.
The financial services firm is looking to prevent dangers such as hacking and virus-related downtime by explaining to staff the threats that can result from opening unsolicited emails or downloading non work-related content from the web.
Paul Wood, chief security officer at the bank, told delegates at the Gartner IT Security Summit in London last week that employees are the biggest threat to corporate security.
‘People are the number one security risk for a business and, unfortunately, there is no patch for stupidity,’ said Wood. ‘Staff are our best asset, but they are also a firm’s biggest liability.’
Wood, who has restructured UBS’s security department and moved it from the IT department into an independent operational risk team, says the company has rolled out the mandatory security awareness campaign to all staff.
‘Security is a key business process, and that’s been taken on board by our senior management. This has been echoed by our
chief executive, who delivered a message about security to our staff at the start of the campaign,’ he said.
Wood says that training programmes need to be developed with employees in mind. ‘If I gave the trading floor more than 10 minutes training, they would not do it,’ he said.
Businesses also need to protect against internal dangers by reviewing the IT administration rights of employees and ensuring that they only have access to systems they really need.
Few employees will initially have full IT privileges, but many can build up rights over a period of time, says Wood.
‘Your people already have access to your systems and know the weaknesses in the processes. What happens when someone who doesn’t really need it has access to company systems and then becomes disgruntled? Firms should review who has privileged access to systems,’ he said.