Educating employees helps reduce IT security risks

In the modern world of business, the internet is proving to be a major enabler of business growth, helping businesses to work more efficiently while driving revenue and managing costs. For the vast majority of UK companies, it is a major asset which can be used to facilitate new ways of working and support organisational growth.

But where opportunities lie, there is often an element of risk. While firms can use the web to increase sales and quickly extend their footprint, they also need to be aware of the dangers it can expose them to. When businesses operate online, they simply cannot afford to take any chances with IT security.

The same logic applies whether it is a company with vast volumes of data stored in the cloud, or one which simply uses the web to make employees more productive. All internet users need to ensure their networks and systems are fully protected. Failure to do so can lead to security breaches, reputational damage, financial loss and, in the worst cases, business closure.

IT security throughout the enterprise

Business leaders and IT bosses are likely to be well aware of security themes, and conscious of the need to take the necessary precautions. In almost every case, computers will be equipped with anti-virus software and firewalls, helping to guard against many online attacks. Should employees stray onto an infected site on a company-owned PC, contingencies are in place to limit any damage or loss.

But with fraudsters aware of the vast opportunities to profit online, business owners and their employees need to be aware of more sophisticated scams such as phishing and ID theft. Understanding of such dangers is likely to be lower than that for virus attacks, which have occurred since the early days of the internet. And from an employer's perspective, this means staff need to be educated on the threat and able to identify potential risks.

Martyn Ruks, technical director at MWR InfoSecurity, recently warned of a lack of skills and security knowledge among UK employees where IT security is concerned. He said this has the potential to jeopardise the secure storage of data and the safety of online connections both now and in the future. Mr Ruks advised that greater emphasis needs to be placed on IT security in schools, so that people enter the workplace with a sound understanding of the risks they may face. This should enable employees to adhere to companies' in-house IT policies more closely, reducing the chances of a breach occurring.

Spam email remains an IT security concern

According to GFI Software, nearly half of all companies have experienced a data breach as a result of employees clicking on malicious links or files within spam emails. Some 40 per cent of respondents said their systems had been breached as a result of spam, and 4.5 per cent did not know whether they had been compromised. And worryingly, 70 per cent of firms said their anti-spam solution is either marginally effective (62 per cent) or not effective at all (eight per cent). This highlights the importance of training employees to recognise fake emails, circulated by criminals aiming to infect users' systems and steal confidential data.

Some 61 per cent of GFI Software respondents said they had seen spam email volumes increase during the last year, reinforcing the extent of the problem. Of those surveyed, 74.5 per cent said they receive too many suspicious messages in their inboxes. Phil Bousfield, general manager of GFI Software's Infrastructure Business Unit, noted that the spam problem is not going away. "In fact, the delivery of malicious links and files makes it more dangerous than ever before," he added. "Businesses need to respond by taking advantage of all the latest spam-fighting technologies available to them."

Mr Bousfield said the most effective way to stop spam - and phishing attacks - is to employ a multi-layered defense that encompasses on-premise and cloud-based anti-spam solutions. But if employees continue to unwittingly click on dodgy links, their employers' best IT security efforts may be in vain. This is why it is essential for businesses to not only have solution-level defenses, but also continue to reinforce security best practice among the workforce. This way, if breaches do occur, the company has at least gone to all reasonable lengths to prevent the occurrence in the first instance.

Businesses must take sufficient care with data

Businesses may understand the basic message about IT security, and have gone to some lengths to prevent attacks against their systems. But according to Greg Day, Europe, Middle East and Africa security chief technology officer and director of security strategy at Symantec, many firms are still not going as far as they need to. In many cases, this is because they are unaware of the potential costs associated with data loss, he said.

And all too often, businesses are the last to know they have lost data, Mr Day stated. "Normally it's a copy taken or left behind - but with duplicates in the business the loss is often missed," he said. "Businesses do back-up their core data and valuable intellectual property but often don't back-up 'other' valuable data which is used by people every day, such as data on desktops, personal folders and emails." This information is often overlooked because it is on a computer, the expert stated. "As most businesses are unable to put a value on this 'other' data, they often don't understand its commercial value."

Conclusion

With cybercrime costing the UK economy £27 billion every year - as reported by the Cabinet Office - it is clear that there are still a great number of victims. But businesses have access to both the knowledge and IT solutions they need to guard against attack. User error may always be an issue to some extent, but firms should be able to minimise losses through education schemes and by deploying suitable solutions. So long as they are prepared to devise an appropriate security plan, and carry it out sensibly and diligently, companies should be able to ensure the internet remains a force for good in their organisation.