Security awareness still lacking among firms

Nearly half plug in USB sticks without checking where they came from

Around half of UK firms are risking the security of their IT systems, according to new research by consultancy and software testing specialist NCC Group.

The organisation anonymously sent USB memory sticks to 500 finance directors, with an invitation to a fictitious "party of a lifetime", and found that 47 percent inserted the devices.

Had these USBs been carrying custom Trojan software, they could have bypassed traditional antivirus scanning technology and infected the PCs, according to head of penetration testing at NCC Group, Paul Vlissidis.

"It indicates that awareness levels are still very low and that the more senior you get in an organisation, the worse people get," he said. "Having lockdowns for USB ports and other entry points is a good idea, but awareness is the last line of defence – it seems organisations have a long way to go."