Check Point: Security Must Focus On Desktop Policy
08.11.2006
The challenge
of controlling security threats triggered by
users in the workplace shows no sign of
abating, new research commissioned by Check
Point
Software
Technologies suggests.
The study carried out by YouGov, which
sampled over 1000 UK corporate employees,
reveals that 60 per cent of users accessed
personal
Web and
e-mail applications such as MySpace,
Hotmail and Gmail from their work
computers at least once a week, with 28
per cent using an instant messenger (IM)
application.
Outside the control of an organisation, such
applications can increase the risk of the
company network being hit with malicious
software, designed to steal data, or worms
and viruses that can paralyse company
systems.
The research also indicates that most users
are probably unaware of the risk posed by
their behaviour with 90 per cent of those
surveyed believing that their work
computer is either fairly or very
secure, with 67 per cent trusting that their
IT department has taken the necessary
measures to secure their device against
threats. These findings suggest users have a
limited sense of responsibility for IT
security.
The influence of major events on the
downloading of personal e-mail files to
company PCs was also reflected in the amount
of respondents - 34 per cent had opened
attachments during this year’s World Cup.
The research also highlights a number of
areas where unintentionally users could be
increasing security risks; 28 per cent of
the employees share files with family and
friends and 25 per cent allowed others to go
online using their work computer,
effectively forfeiting control over what is
being used on or downloaded to their
devices. Just under half said that they
connect devices to their computers such as
cameras, music players,
mobile phone and PDA.
Commenting on the research findings, Nick
Lowe, regional director, northern Europe, at
Check Point, said: “This research highlights
a picture of user behaviour that is likely
to become more problematic for an IT
organisation. It demonstrates just how much
of a challenge the IT department has in
setting the perimeters for access and
educating users.
Companies are already struggling to control
what users access or connect to their PCs
and laptops, and as the application and
device landscape continues to evolve and
user targeted threats increase, the
‘minefield’ will only intensify. If an
organisation has a flexible workforce,
mobile or remote employees, or a
considerable number of users, keeping track
of everyone's behaviour is an enormous task
for the IT department.
Lowe concludes: “Rather than fire-fight user
behaviour or create a locked-down
infrastructure, companies can tackle this
issue by enforcing a comprehensive desktop
policy. Deploying an integrated endpoint
solution that defeats PC-borne threats would
enable the organisation to maintain network
availability and secure its confidential
information while keeping employees
productive. For companies with a
considerable number of users, deploying
endpoint security under a centralised
security architecture would also minimise
the time and cost of defending the
enterprise against the risks of unsolicited
user behaviour.”
Related information
