Online staff pose risks

DTI survey finds staff at fault for many enterprise security breaches

UK businesses are still not doing enough to stop staff misusing email and web systems at work, and could suffer lower productivity, damaged reputations and even legal action as a result, according to new research from the DTI.

The DTI’s latest biennial Information Security Breaches Survey, for 2006, found 37 percent of firms did not have a web and email usage policy, though staff misusing the internet ranked second as a cause of security problems.

“Increasing broadband access means the internet is only a click away for staff, which can be a good or bad thing,” said Chris Potter of PricewaterhouseCoopers, which led the survey. “Large companies in particular are affected by [staff misuse].”

Acceptable usage policies are vital to define inappropriate content and what constitutes excessive personal use of the web, Potter said. Such policies could also reduce claims for unfair dismissal and other legal actions. “Most firms are setting guidelines but many are leaving themselves exposed,” Potter added. “[Viewing illegal content] can cause offense to other staff and isn’t good for team morale.”

The survey also found that while most firms scanned incoming emails and downloads, less than 30 percent checked outbound messages. This raises the risk of confidential or inappropriate data being sent, which could damage firms’ reputations or cause legal problems, Potter said. Last week saw the first successful libel suit for comments posted online, highlighting the dangers for firms that do not check outbound messages.

The report's findings will be released in full at the Infosecurity Europe event in April.