contents | business | |||||||
| UK Workers Know the Risks, but They Can't Help Clicking Away A survey into the habits of 142 UK office workers conducted by Finjan has uncovered that although they know the security risk to their employers caused by clicking on web-links or opening attachments from unknown sources, they simply can't help themselves. Of those questioned 93 per cent said that they knew that links, attachments, pop boxes and web pages could have spyware or other forms of malicious code embedded within them. However, 86 per cent admitted that they opened attachments and clicked on links without being sure if it was safe to do so. With spam designers becoming increasingly ingenious in creating emails that encourage people to open web-links or attachments, another worrying finding of the survey is that 76 per cent of respondents opened what they assumed to be viral marketing files, such as 'funny' videos, jokes and web sites. Yuval Ben-Itzhak, CTO at Finjan says: "They may think they are downloading a joke email or website but ultimately the joke could very easily be on them and it is not funny at all. Spam emails are making it increasingly difficult for employees to differentiate between genuine and hoax emails, but employers need to take responsibility and take action to protect their systems and data from spyware, viruses and other malicious codes. Clear security policies on what is acceptable and what is not (for example clicking on unknown, non-work related web-links, forwarding such emails to other employees, and opening non-work related attachments) must be supported with stringent security solutions". The survey also revealed that: • 57 per cent of employees click on web-links embedded in 'gossip' and news emails • 64 per cent are happy to open web-links or attachments without checking the authenticity or identity of the originator A recent security audit run by Finjan for a European organisation in the finance sector, usually one of the most security-savvy marketplaces, revealed that an overwhelming 67% of security policy violations discovered over a one week period were related to spyware downloads, attempts to access spyware websites or attempts to access websites that hide executable spyware. "It is no longer good enough for organisations to acknowledge that workers are often the biggest security threat when those workers are being coerced into behaving in a certain way by seemingly innocent websites and emails. This is not a problem that is going to go away, so it is one that must be addressed proactively through security solutions that prevent such malicious code from being accessed and downloaded", Ben-Itzhak concluded. write your comments about the article :: © 2006 Computing News :: home page |