Company laptops are routinely used to download music and
video, access porn, and do a spot of online shopping, a new
Europe-wide survey has revealed.
The problem has become so big that laptops returning to company
networks after their travels are now one of the biggest security
hazards faced by many companies. Despite this, 70% of companies
questioned offered no written guidance to employees on the use of
their machines, and only a quarter imposed technological
restrictions.
The survey of employees in 500 companies across the UK, the
Netherlands, Germany, France, and Italy on behalf of Websense,
uncovered the tendency of many employees to treat laptops as
unofficial personal possessions. The crimes of the mobile workforce
are various but include picking up spyware, downloading
non-approved software, surfing porn sites, and generally treating
the issue of security as a minor concern.
An astonishing 46% allowed people outside of work to use their
machines. And board level employees were no better than workers at
other levels of the organisation, with 54% admitting any one of a
number of hazardous activities such as downloading non-approved
software. The UK scored at or near the top on most measures of
risky behaviour.
"I don’t know if it’s a lack of awareness or that they
[companies] are focused on security from within the network," said
Mark Murtagh of Websense. "They are looking at the traditional
threat of viruses but not doing a good job of protecting against
the evolving threats."
Part of the problem was widespread ignorance of the risks of
laptop use - the survey revealed that only 7% of those asked
understood what spyware was - coupled to a need to use more
technology to lock down security, he said.
Companies loaded anti-virus software but did not yet see the
other types of threat, such as data theft, as critical enough to
warrant further investment.
Solutions to the problem are harder to gauge. As an absolute
minimum, companies should start asking employees to sign up to
reasonable use guidelines, while IT staff should treat any laptop
connecting to the company network after returning from its travels
as a major security risk. Longer term, it seems likely that
software to lock down and secure laptops is now likely to become a
standard feature.
John E. Dunn writes for Techworld.com