Viruses are a threat. Denial of service attacks are scary. Your employees, however, are your biggest threat.

While 98% of Canadian business leaders and decision makers believe it is important for a company to secure sensitive data.

A recent Fusepoint/Sun Microsystems/Leger Marketing survey reveals that business leaders believe the greatest threat is not from a malicious external attack, but rather from the hands of an uninformed employee. The research showed that 46% percent of respondents said that employees who accidentally download security-compromising viruses, spyware or adware pose a greater data security risk to a company than external agents like hackers, cited next at 40%.

Of the 556 executive interviewed for the survey, 55% say that their confidential and private data is at risk of an attack, despite the fact that most consumers (58%) would immediately terminate their relationship with a company that compromised their personal information.

Poll results also showed that more than one in 10 Canadian consumers (14%) believe they have already been a victim of identity theft with 38% of respondents saying they know someone who has been a victim of identity theft. In addition, 74% of consumers believe that everybody – including those possessing advanced technological know-how – is at equal risk of identity theft.

“With the exponential growth in the volume and sophistication of online threats, executives must heed their customers’ calls to take the necessary steps to protect their data and infrastructure from being compromised,” said George Kerns, President and CEO, Fusepoint Managed Services. “This is not a simple business issue. It’s a fundamental matter of trust.”

“Smart enterprises know security and privacy are good for business, and yet many companies in Canada and around the world don’t take this message to heart,” said Andy Canham, president of Sun Microsystems of Canada Inc. “Any business that values their customer base will invest in systemic security practices that ensure they manage security risks, and meet compliance regulations, as well as achieve business growth goals.”

Another 14% believed the greatest threat would come from disgruntled employees who gain unauthorized access to information.

“The reality is that many businesses are operating under a false sense of security, as all too often we see corporate networks become compromised by an ‘igloo effect’ of sorts,” said Dr. Clemens Martin, University of Ontario Institute of Technology. “All it takes is one ill-advised employee to unknowingly compromise a network’s hard outer shell, and all other security measures in place could simply melt away.”

RELATED FEATURES:

Protecting your goods

Securing your intranet from the inside

Intranet sprawl and renegade development (back issue)

Email and intranet are biggest wireless threats

A new survey on mobile security by Good Technology reveals that e-mail and the corporate intranet are the top two security concerns slowing the widespread adoption of enterprise handheld computing using PDAs like the Blackberry or Trio.

The Good Technology (a provider of industry standards-based enterprise handheld computing software and service) survey included the voluntary participation of nearly 600 U.S.-based IT professionals and executives representing companies of 150 to 16,000 employees.

Findings include:

·     79% of respondents consider email to be the greatest source

·     26% of respondents regard as the greatest vulnerability

·     48% of respondents stated that firewall vulnerability (open firewall holes to allow inbound wireless device traffic, risk of denial of service attacks, or other unauthorized intrusion) concerns them most

·     30% of respondents are not likely at all to deploy a wireless solution that requires opening firewall ports, making perimeter security a top priority when selecting a mobile email solution

·     Top wireless security concern: selected handheld security (protecting data on the handheld if it is lost, stolen or misplaced) cited by 29% of individuals surveyed

"The enterprise mobile email and handheld computing markets have grown exponentially over the past five years. But this growth has created a corresponding surge in security vulnerability over the same time period," said Rick Osterloh, vice president, Product Management and Marketing, Good Technology. "This survey reveals important concerns and underscores the requirement for comprehensive mobile security. (Good Technology has) has united device and security management, and are enabling IT to establish an automated system for compliance—all in a single, integrated solution."

Handheld Compliance On-device data encryption remains top of mind for IT administrators.

·     59% will not deploy a solution that does not encrypt data on the device.

·     65% of individuals surveyed stated that wireless enforcement of virus protection, along with the ability to update virus files over the air, are very important handheld security features

Remote control of password policy is considered a very important handheld security requirement by 55% of respondents; only 18% are comfortable with simple user name and password authentication, traditionally used as a primary layer of protection.

In addition, 57% of respondents believe that the ability to wirelessly specify applications that must be present on the device to be very important, demonstrating the increasing importance of handheld compliance with broader corporate security policy.

Proliferation of Handhelds Drives Need for Automated Security and Device Management

While the ability to detect and control applications on handhelds remains a top concern, the study concluded the majority of enterprises do not have standard operating procedure to address this issue; 70% of respondents do not have an automated mechanism to determine which applications mobile users have on their devices. Only half 53% are currently able to enforce security and password policies consistently and effectively on devices without end-user dependency.