Security Must Focus on Desktop Policy

The challenge of controlling security threats triggered by users in the workplace shows no sign of abating, new research commissioned by Check Point Software Technologies suggests. The study carried out by YouGov, which sampled over 1,000 UK corporate employees, reveals that 60% of users accessed personal web and email applications such as MySpace, Hotmail and Gmail from their work computers at least once a week, with 28% using an instant messenger (IM) application.

Outside the control of an organisation, such applications can increase the risk of the company network being hit with malicious software, designed to steal data, or worms and viruses that can paralyse company systems.

The research also indicates that most users are probably unaware of the risk posed by their behaviour with 90% of those surveyed believing that their work computer is either fairly or very secure, with 67% trusting that their IT department has taken the necessary measures to secure their device against threats. These findings suggest users have a limited sense of responsibility for IT security.

The influence of major events on the downloading of personal email files to company PCs was also reflected in the amount of respondents -34% – who had opened attachments during this year’s World Cup. The research also highlights a number of areas where unintentionally users could be increasing security risks; 28% of the employees share files with family and friends and 25% allowed others to go online using their work computer, effectively forfeiting control over what is being used on or downloaded to their devices. Just under half said that they connect devices to their computers such as cameras, music players, mobile phone and PDA.

Commenting on the research findings, Nick Lowe, regional director, northern Europe, at Check Point, said:

“This research highlights a picture of user behaviour that is likely to become more problematic for an IT organisation. It demonstrates just how much of a challenge the IT department has in setting the perimeters for access and educating users. Companies are already struggling to control what users access or connect to their PCs and laptops, and as the application and device landscape continues to evolve and user targeted threats increase, the Œminefield¹ will only intensify. If an organisation has a flexible workforce, mobile or remote employees, or a considerable number of users, keeping track of everyone’s behaviour is an enormous task for the IT department.

Lowe concludes: “Rather than fire-fight user behaviour or create a locked-down infrastructure, companies can tackle this issue by enforcing a comprehensive desktop policy. Deploying an integrated endpoint solution that defeats PC-borne threats would enable the organisation to maintain network availability and secure its confidential information while keeping employees productive. For companies with a considerable number of users, deploying endpoint security under a centralised security architecture would also minimise the time and cost of defending the enterprise against the risks of unsolicited user behaviour.”