Staff misuse of the Internet risks damaging reputation of UK companies Some 90 percent of all companies said protecting their reputation was one of the most important drivers for information security. Some 88 percent of business Internet connections are now broadband, increasing the risk of damage to reputation through staff misuse of web or e-mail. In recognition of this, one and a half times as many companies have an acceptable policy for Internet usage as two years ago: 63 percent of all companies and 89 percent of large ones have an acceptable usage policy. This is more than have an overall information security policy. After the sharp rises in staff misuse levels seen two years ago, the number of companies affected has now stabilised, reflecting the impact of the improved levels of control. One in five companies overall was affected. Two-thirds of large businesses had at least one misuse incident in the last year. Some small companies reported hundreds of e-mail abuses every day. However, there are many UK businesses that are not taking the risks seriously. Three-fifths do not block access to inappropriate websites. Only one in six scans outgoing e-mail for inappropriate content. Key findings from the telephone survey of 1,000 companies include: * Some 97 percent of companies now have an Internet connection and 88 percent of these are broadband; in the 2004 survey Internet usage was at 93 percent but most small business connections were dial-up. * 17 percent of UK businesses suffered staff misuse of web access and 11 percent had misuse of email. Larger companies are more likely to have incidents involving staff misuse - 52 percent had web misuse and 43 percent had e-mail misuse. * 41 percent of the worst incidents involved staff accessing inappropriate websites and a further 36 percent of worst incidents related to excessive web surfing. The most serious of such incidents involved access to illegal material; several companies reported incidents of staff accessing child pornography. * The average cost of individual incidents of misuse was relatively low compared with other types of security breach, with less than 10 percent causing business disruption or direct cash costs. * Technology, telecommunications and utility companies were most likely to report incidents; retail and travel were the least likely. * There has been a big increase in the proportion of UK businesses that filter incoming e-mail for unsolicited messages (spam); two thirds of the businesses that do not scan incoming e-mails for viruses do filter for spam and block suspicious attachments. * Protecting confidential information sent by e-mail is still rare - in only a quarter of UK businesses can staff send encrypted email to the company's business partners. * Roughly one in five UK companies allows staff to download free auto-address software onto their PCs despite the fact that such software often stores confidential information such as e-mail addresses on a third party's servers. www.security-survey.gov.uk
•Date: 31st March 2006• Region: UK• Type: Article •Topic: ISM |
