UK SMEs underestimate danger posed by their employees

Whilst most SMEs recognize the importance of IT security in a company and would consider installing anti-virus and anti-spam software, they often fail to realize the internal threats that could pose a risk to their business.
Disgruntled employees, such as those facing redundancy, might decide to seek ‘revenge’ on the company that is dismissing them. The easiest way for them to do this is by stealing confidential data and possibly passing it on to a competitor. Sensitive information in the wrong hands could lead to a company’s downfall. However, results obtained from a survey held earlier this year reveal that companies do not believe this to be a major threat to their business; with as many as half of the respondents “not that concerned” about the threat of data being stolen by employees.

The SME Security Report, a survey conducted by GFI Software in February 2009 across IT decision-makers in UK SMEs, showed that whilst the basics of IT security have been largely implemented (96% installed anti-virus, 85% installed anti-spam software and 92% assign user passwords), just 45% of respondents installed preventive measures against portable storage devices which can be used to copy data off the company’s network.
Moreover policies regarding data security are very lax with 60% of companies having either no policy whatsoever, or merely rough guidelines informing employees about the use of portable storage devices on the network. To aggravate matters, employees are not always required to sign these guidelines as a pledge of adherence to them.

The lack of security measures taken extends to 21% of respondents unable to track where business-critical data is being stored at any one point in time; 33% cannot track what portable devices have been connected to the network whilst 41% cannot see what data has been downloaded to these devices. This makes tracing the data leakage back to the source almost impossible.

Walter Scott, CEO of GFI Software , comments, “Endpoint security is absolutely critical even in the best financial times, but with the economy prompting more and more redundancies, there are more disgruntled employees who pose a potential risk to an organization’s data. Network administrators must pay more attention to access rights holders’ ability to copy, edit, delete or distribute data – this need is long overdue and is only more essential in current times. If companies were to have the tools to help them understand the economics and financial costs of unmonitored internet and portable device use, I am certain that they would look at security and data in a totally different way.”

For a copy of the survey results visit: http://www.gfi.com/documents/articles/SME_UK_survey_results.pdf