[ISN] Clueless office workers help spread computer viruses

From: InfoSec News (isn@private)
Date: Mon Feb 09 2004 - 01:38:41 PST

  • Next message: InfoSec News: "[ISN] Online Search Engines Help Lift Cover of Privacy"

    http://www.theregister.co.uk/content/55/35393.html
    
    By John Leyden
    Posted: 06/02/2004 
    
    Busy or apathetic employees are accelerating the spread of viruses and 
    potentially costing UK businesses millions in clean-up charges, 
    according to a survey out today. 
    
    Two-thirds of the 1,000 people quizzed by market researchers TNS in 
    January admit they are not aware of even the most basic virus 
    prevention measures. Meanwhile a third of those polled in the 
    Novell-sponsored study said they are too busy to check their emails 
    before opening them. 
    
    Depressingly, nine in ten of the workers quizzed believe that have no 
    part to play in preventing the spread of viruses, preferring to leave 
    responsibility to "their IT department, Microsoft or the government". 
    
    Where does Novell find these lunk heads? UK office workers, that's 
    who. 
    
    Even allowing for the fact the survey took place in the first two 
    weeks of January - before the ongoing MyDoom pandemic - one would 
    think that most people would have a fair idea of what a virus-infected 
    email might look like. Not so - two thirds of the respondents to the 
    survey said they didn't have a clue. 
    
    Over one third of UK workers quizzed feel overwhelmed by the number of 
    emails they get and a third claim to be too busy to check emails 
    before opening them. One in five people surveyed said they are "too 
    busy to download anti-virus updates". 
    
    Any sensible admin should implement procedures to automate this 
    process, but even so it's yet another sad indictment of the 
    limitations of the AV scanner approach. 
    
    The report reveals that workers are blasé about the possibility of 
    aiding and abetting virus attacks on company systems. Even though 62 
    per cent of UK workers rate viruses as the number one security risk, 
    over half say that they would "not be particularly bothered" if they 
    encountered an attack and only five per cent said they would be 
    worried if they personally had spread the virus. 
    
    UK workers are just as lax about other aspects of security, the survey 
    found. 
    
    A third of employees quizzed write their computer passwords down to 
    help them remember and one in ten keeps them on a Post-It note on 
    their desk. More than half (55 per cent) of those quizzed base their 
    passwords on people's names, making them far easier to guess. 
    
    The vast majority were unaware of the dangers of phishing whilst more 
    than half (58 per cent) of respondents regularly forward spam to 
    friends and colleagues without thinking. 
    
    Steve Brown, managing director of Novell UK, commented: UK workers, 
    who through lack of time, technology know-how or care, put their 
    business at risk by making basic security errors. People are highly 
    aware of the dangers posed by viruses but don't take any personal 
    responsibility for minimising risks. 
    
    "Unless UK businesses start to take end user education seriously, we 
    are going to see the impact of cyber crime spiral in 2004.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Feb 09 2004 - 04:09:08 PST