Are workers putting their companies at risk by acting unsafely online?
A survey [1] carried out by Sophos, a global leader in protecting organizations against viruses, spyware and spam, has revealed that 79% of IT professionals believe that employees are putting their companies at risk by failing to act safely online. Sophos warns that despite instructions from IT departments, many employees continue to open unsolicited emails and attachments and download malware from websites.
With cybercrime becoming increasingly financially motivated, Sophos warns that these employees are jeopardizing the bottom lines of their employers and urges organizations to deal with this problem as soon as possible. Sophos appeals to board level management to lead from the top and champion this cause throughout the company.
"In most cases, it's not that people deliberately behave recklessly online - rather, they don't know how to act responsibly, and may not be fully aware of the potential consequences of unsafe internet and email usage," said Graham Cluley, senior technology consultant at Sophos. "Whether staff are downloading and opening unsolicited attachments, or surfing the web for sordid content not permissible at home, it's the responsibility of the company to ensure that employees are educated about the risks, and given the right tools to defend themselves."
Sophos lists the 'sinful seven' online activities at work as follows:
- Downloading music and movies
- Opening email attachments or clicking on links in unsolicited emails
- Surfing pornographic or other dubious websites
- Running "joke" programs sent by friends and colleagues
- Installing unauthorized software and web browser plug-ins
- Giving information to unknown parties via phone or email
- Using the same password on different websites
Sophos notes that the actions which lead to employees compromising an organization's IT security are, in most cases, deemed serious offences. Another Sophos poll [2] showed that 63% of IT professionals think that workers who do not follow safe computing guidelines, despite being made aware of the risks, should receive official warnings, followed by dismissal. 10% believed the employees should be instantly dismissed.
"These results show that IT departments are taking security seriously," continued Cluley. "IT managers must now look to enforce strict policies on internet and email use to ensure business networks remain safe and secure, as well as running anti-virus and other security software. Users, for their part, must sit up and listen to the advice they are given by their IT teams or risk losing their jobs."
Sophos recommends that companies combine a safe computing policy, to ensure employees act safely online, with protection at the email gateway to defend against viruses, spyware and spam. Businesses should also secure their desktops and servers with automatically updated protection.
[1] 410 respondents. Poll conducted by Sophos between 25 August and 7 September, 2005.
[2] 491 respondents. Poll conducted by Sophos between 28 July and 4 August, 2005.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.