Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Study: Lax laptop policies create security concerns

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Study: Lax laptop policies create security concerns
Date: Tue, 2 Nov 2004 02:52:04 -0600 (CST) 
http://www.computerworld.com/securitytopics/security/story/0,10801,97094,00.html

By John E. Dunn
NOVEMBER 01, 2004 
TECHWORLD.COM

Company laptops are routinely used to download music and video, access
porn, and do online shopping, a new Europe-wide survey has revealed.

So big has the problem become that laptops returning to company
networks after their travels are now one of the biggest security
hazards faced by many companies. Despite this, 70% of companies
questioned offered no written guidance to employees on the use of
their machines, and only a quarter imposed technological restrictions.

The survey of employees in 500 companies across the U.K., the
Netherlands, Germany, France, and Italy on behalf of Websense Inc.,
uncovered the tendency of many employees to treat laptops as
unofficial personal possessions. The crimes of the mobile workforce
are various but include picking up spyware, downloading non-approved
software, surfing porn sites, and generally treating the issue of
security as a minor concern.

Forty-six percent allowed people outside of work to use their
machines. And board level employees were no better than workers at
other levels of the organization, with 54% admitting any one of a
number of hazardous activities such as downloading non-approved
software. The U.K. scored at or near the top on most measures of risky
behavior.

"I don't know if it's a lack of awareness or that they [companies] are
focused on security from within the network," said Mark Murtagh of
Websense. "They are looking at the traditional threat of viruses but
not doing a good job of protecting against the evolving threats."

Part of the problem was widespread ignorance of the risks of laptop
use -- the survey revealed that only 7% of those asked understood what
spyware was -- coupled to a need to use more technology to lock down
security, he said.

Companies loaded antivirus software but did not yet see the other
types of threat, such as data theft, as critical enough to warrant
further investment.

Solutions to the problem are harder to gauge. At an absolute minimum,
companies should start asking employees to sign up to reasonable-use
guidelines, while IT staff should treat any laptop connecting to the
company network after returning from its travels as a major security
risk. Longer term, it seems likely that software to lock down and
secure laptops will become a standard feature.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Study: Lax laptop policies create security concerns, InfoSec News <=
Previous by Date:  [ISN] Google plugs hole exposing Gmail mailboxes, InfoSec News
Next by Date:  [ISN] Oxford Uni 'hackers' suspended, InfoSec News
Previous by Thread:  [ISN] Google plugs hole exposing Gmail mailboxes, InfoSec News
Next by Thread:  [ISN] Oxford Uni 'hackers' suspended, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]