Call to action for Security Administrators

 

Bruce Schneier nicely summarises a recent McAfee study in Europe about employee attitudes to corporate IT resources

  • One in five workers (21%) let family and friends use company laptops and PCs to access the Internet.
  • More than half (51%) connect their own devices or gadgets to their work PC.
  • A quarter of these do so every day.
  • Around 60% admit to storing personal content on their work PC.
  • One in ten confessed to downloading content at work they shouldn’t.
  • Two thirds (62%) admitted they have a very limited knowledge of IT Security.
  • More than half (51%) had no idea how to update the anti-virus protection on their company PC.
  • Five percent say they have accessed areas of their IT system they shouldn’t have.

I think the first one is the scariest, quickly followed by point 6 – 62% admitting they have limited knowledge of IT security. If I was a security administrator, this would concern me greatly. When you think about it though, the basic points which any employee using IT resources in an organisation should be aware of – anti-virus/OS updates and  monitoring of  internet  usage –  should be introduced at orientation or training days.

Employees should definitely not have the opportunity to say "I didn’t know about that" if something unexpected happens as a result of their tinkering or negligence.

 

One thought on “Call to action for Security Administrators

Leave a Reply

Your email address will not be published. Required fields are marked *