To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/smedirector/0,39024679,39168237,00.htm

Staff blamed for SME security breaches
But is it a matter of policy?

By Tim Ferguson

Published: Thursday 23 August 2007

IT managers in small and medium sized businesses (SMEs) blame their fellow workers for online security breaches - despite the fact many SMEs still don't enforce web usage policies.

More than a quarter of European SME IT managers said they believe company employees are responsible for security problems, according to research commissioned by security software company Websense.

The most frustrating problem for IT managers is employee behaviour (cited by nearly a third of managers), followed by security not being high enough on the corporate agenda and then budget constraints.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.

We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below, emailing us at editorial@silicon.com or signing the 10 Downing Street e-petition.

The survey found nearly a third of employees said they need to access sites known to present a high security risk, such as peer-to-peer services and free software download sites.

The extent to which workers use the web is highlighted by the finding that European employees spend an average of around two hours per day online at work, with around half an hour of that spent browsing non-work related sites.

But suspicious IT managers believe the time spent on non-work related sites is actually closer to 48 minutes - or the equivalent of four hours per week.

The survey also reveals 23 per cent of SMEs have web security policies but don't require employees to sign up to them. Another 16 per cent have no web usage policy at all, preferring to trust employees to not put them at risk.

The SMB State of Security survey covered 375 IT managers and 375 employees from companies of between 100 and 250 users in France, Germany, Italy, the Netherlands and the UK.