Study: Lax laptop policies create security concerns

TechWorld.com - Company laptops are routinely used to download music and video, access porn, and do online shopping, a new Europe-wide survey has revealed.
So big has the problem become that laptops returning to company networks after their travels are now one of the biggest security hazards faced by many companies. Despite this, 70% of companies questioned offered no written guidance to employees on the use of their machines, and only a quarter imposed technological restrictions.
The survey of employees in 500 companies across the U.K., the Netherlands, Germany, France, and Italy on behalf of Websense Inc., uncovered the tendency of many employees to treat laptops as unofficial personal possessions. The crimes of the mobile workforce are various but include picking up spyware, downloading non-approved software, surfing porn sites, and generally treating the issue of security as a minor concern.
Forty-six percent allowed people outside of work to use their machines. And board level employees were no better than workers at other levels of the organization, with 54% admitting any one of a number of hazardous activities such as downloading non-approved software. The U.K. scored at or near the top on most measures of risky behavior.
"I don't know if it's a lack of awareness or that they [companies] are focused on security from within the network," said Mark Murtagh of Websense. "They are looking at the traditional threat of viruses but not doing a good job of protecting against the evolving threats."
Part of the problem was widespread ignorance of the risks of laptop use -- the survey revealed that only 7% of those asked understood what spyware was -- coupled to a need to use more technology to lock down security, he said.
Companies loaded antivirus software but did not yet see the other types of threat, such as data theft, as critical enough to warrant further investment.
Solutions to the problem are harder to gauge. At an absolute minimum, companies should start asking employees to sign up to reasonable-use guidelines, while IT staff should treat any laptop connecting to the company network after returning from its travels as a major security risk. Longer term, it seems likely that software to lock down and secure laptops will become a standard feature.

Reprinted with permission from

For more enterprise technology news from the U.K., please visit TechWorld.com. Copyright 2006 IDG, all rights reserved.