Employees the biggest risk to IT security

Forget foreign hackers or hard-drive crashes, the biggest threat to a business’s IT security comes from a much more dangerous source – your employees.

According to a Galaxy Research survey for security firm MessageLabs, 34% of business IT managers in businesses across Australia and New Zealand rate inappropriate web use by employees as the biggest threat to information security.

That makes them a bigger threat than multiple source online attacks (33%) management complacency with existing solutions (13%) and insufficient budget allocation to security (9%).

While almost all IT managers said their business had policies in place to manage employee web usage, most said those policies were not widely known or actively enforced in the workplace.

Australia and New Zealand country manager at MessageLabs, Andrew Antal, says business needs to tell employees they will enforce internet usage policies, and back that up with firm action.

“When employees circulate emails or visit websites featuring pornographic content, gambling, social networking, as well as pirated software, music and videos, they are putting their organisations at risk. This can lead to potentially costly and time-consuming legal, regulatory, security, and productivity headaches for employers of all sizes, in all industries,” he says.

MessageLabs tips for better web security:

1. Put acceptable usage policies in writing.
2. Educate employees about risks, policies, and compliance.
3. Establish email business record retention guidelines.
4. Set rules for personal use.
5. Recap harassment, discrimination, ethics, confidentiality, security, and other policies.
6. Stress compliance with sexual harassment policy.
7. Address monitoring and privacy.
8. Enforce content rules.
9. Support acceptable usage policies with technology.
10. Don’t allow employees to dismiss policy as unenforceable.

Read more on online security