Employees Still Flouting Security Policies, Study Says

Many companies believe their data is at risk because they can't stop employees from using unauthorized Web services and applications, according to a study published today.

Three out of 10 organizations report that their business' Web security has been compromised by employees' use of personal Webmail accounts, social networking sites, and online video, according to Webroot, the security software vendor that conducted the research.

More than a third of respondents estimate that employees spend more than an hour a day on non-work-related sites, according to the study. Only 15 percent of the 648 companies surveyed gave their enforcement of Internet usage policies an "A" on a conventional "report card" grading scale.

"Businesses are taking measures to protect against email-based threats, but they are not yet attuned to the greatest threat vector today: Web-based threats driven by employee Web use," says Mike Irwin, COO of Webroot. "We found that Web-borne malware increased over 500 percent in 2007, as cybercriminals developed new ways to attack on-site and remote employees through personal Web mail accounts, social networking sites and other Web 2.0 applications."

One out of four businesses reported that a Web-based threat had compromised their confidential information, threatened online transactions, or caused a Web server outage. Yet nearly 30 percent of those surveyed said they did not know whether their organization or its employees are using Web 2.0 applications.

— Tim Wilson, Site Editor, Dark Reading