BBC News recently covered
the results of a survey published by anti-virus firm
McAfee. They report that
about 50% of senior managers in smaller businesses blame their staff for virus
outbreaks. It was also found that staff had installed unauthorised software on
their PCs and disabled the security systems that should have protected them.
Over half of the firms question in the survey admitted they had suffered
some damage as the result of a virus.
The survey revealed that many firms had invested in the security technologies,
but at the expense of educating the users. McAfee's spokesman Sal Viveros said
to BBC News Online, "Businesses can have the most robust and
integrated security system in the world, but one rogue end user could still be
responsible for introducing malicious code on to the network with potentially
serious consequences."
Another problem is that some of the staff appear to not learn - after years of
being told not to open attachments in emails they were not expecting, most were
still quite happy to open up anything that winds up in their inbox.
Another result from McAfee's survey is that out-of-date antivirus software is
often to blame for not stopping the outbreaks. Without keeping the software
and signatures up to date, the users are being lulled into a false sense of security
believing that if they make a mistake the antivirus software will take care of it.
A different approach
Mr Viveros added, "Ideally they would be able to create security policies that
are enforceable and take security out of end user's hands." He explained that
small firms should think more deeply about the way they approached security issues.
Instead of relying on anti-virus software and security problems in a reactive fashion,
they should put in place an architecture that increases the layers of protection between
the outside world and the end users.
He added that time constraints meant that many of the smaller businesses could only
concentrate on their core business rather than become concerned about developments in
computer security or keep up-to-date with the latest security problems.
Some network management firms are appearing on the scene that do the
security work for small businesses, but these were not being taken up in any
significant numbers. These range in size to outsourcing all internet and intranet
connectivity to a more specialised service that offers a cleaned email feed to the
customer.
Viruses are unfortunately part of the world we live in. However, proper management
and understanding of the threat will help keep the risks to a minimum, but the no-risk
situation is unattainable on any computer system whether connected to the Internet or
not, when users have access to the machines. This risk we just have to live with.
|