Employers show alarming complacency when it comes to combating spyware in the workplace, according to a survey by SurfControl, an internet security company providing web and e-mail filtering.
The poll of 300 PC users found that 21.3 per cent of all respondents’ employers did not prohibit the use of Instant Messaging to contact friends, web-based email, recreational surfing, downloading free software, personal online banking, storing personal files, sharing free music/video files, playing online games, running CD-Rom/DVD media or the use of USB flash drives on work PCs.
This finding reflects what the survey authors call a worrying attitude among senior management of not being prepared to take responsibility for internet threats and more specifically the growing menace that is spyware. This very real threat is a common symptom of the often abusive on-line activities that employers continue to allow in the workplace and, by doing so, it is claimed, they are not only impacting their network performance but are compromising the productivity of employees whilst putting themselves at legal risk.
What they say
Martino Corbelli, marketing director of SurfControl, says: "It takes only one flash drive or one shared file to put a company network under threat but employers seem to be burying their heads in the sand rather than combating such an inevitable attack. These survey results are a damning indictment of the UK business community – it is human nature that people will do as much as they can get away with and as long as employers fail to put appropriate and consistent policies, education and technology in place employees will continue to treat their work PCs as their own.”
Half, 53.7 per cent, of respondents claimed to be governed by an Acceptable Use Policy (AUP) that outlines what staff can and cannot do when using company-provided computer resources. The survey also found a third, 34.3 per cent, of respondents to be policed by filtering technology that blocks inappropriate or malicious content from entering or leaving the company’s network.
The clear discrepancies between these figures show two issues, according to SurfControl. Firstly, it is claimed, that a large number of companies are doing nothing to govern, manage and protect their networks from spyware and an even higher number are only going half way to combating the problem. Time and time again, the firm adds, we have seen that policies alone – although essential from a legal perspective – are not enough to protect against a breach of company rules.
Corbelli adds: "Because of their use – and abuse – of corporate networks, users are often seen as the main contributors to Internet security problems. However, the reality of this situation is precisely the opposite – it is the employers that are simply not doing enough to protect their assets, their brand and their people. This is Russian roulette on a corporate level. Only when employers take responsibility for their systems and infrastructure by delivering continuous protection through technology in line with corporate policy and user education, will workers be considered as an additional layer of security. Right now, most IT departments regard users as the culprits responsible for bringing networks to their knees. Until there is a significant attitude change in the boardroom there is only one place to apportion blame and that is at the office door of the complacent managers and directors that allow users to get away with bringing spyware, malicious code and any other inappropriate content into their business environment."
You can download free white papers on the threat of malware
