Senior
management, including HR directors, are failing to put the necessary security
systems and strategies in place to prepare UK companies for e-business, says a
report by security specialist Network Associates. Vanson Bourne polled 120
heads of communications and corporate networks for the Healthcheck research,
which also highlights many weak spots that lose companies millions of pounds a
year.
“We
expected to find a little lack of foresight and lack of responsibility being
taken but the results were staggering,” says Network Associates’ business
development manager, Nigel Todd. Todd accuses senior managers of taking an
“ostrich-like approach” to their responsibilities over security and, in many
cases being too afraid to admit they don’t know how to deal with e-business
issues.
“It’s a bit
like the emperor’s new clothes: when e-business is mentioned, nobody dares say,
‘What are you talking about?’,” he says. “In these technology-driven days, it
is a brave senior manager who puts his hand up and says he doesn’t understand
it.”
The report
reveals that 47 per cent of respondents believe that fears over security alone
are hampering e-business development, with only 34 per cent saying they are
completely satisfied with their anti-virus measures.
More than
70 per cent believe that their company’s network speed and availability must
improve if it is to meet the requirements of e-business. The need for this to
happen is borne out by the worrying statistics that 30 per cent of companies
experience a complete network crash at least once every 12 weeks and 23 per
cent of companies suffer critical data corruption through virus attack.
The report
says that chief executives and managing directors must take responsibility for
the hardware and software infrastructure and must have a proper e-business
strategy.
“E-business
should be much more about having a planned approach than just saying, ‘We’ve
got to have a web site’,” explains Todd, who believes the rush to get an
on-line presence, and the strain this puts on corporate resources, are also to
blame for many system deficiencies.
“The
security policy must be taken from the board downwards and it should be
practical and easily managed. It should also be revisited regularly because
e-business changes all the time. You should have the ability to see security
threats.”
Once the
policy is decided, HR managers and directors must play their part in
implementing it properly, says Todd. The report recommends that responsibility
for corporate security should be written into the job description of the
designated manager. Employees must be made more security-conscious.
Forty per
cent of respondents said that end-users were the most vulnerable part of the
network, creating the biggest security threat. “They must stop, for instance,
leaving passwords on the sides of their computer,” says Todd.
“They
should be trained to understand why they shouldn’t do this – that leaving a
password is like leaving the vault open and once a hacker is in the vault, it’s
much easier to open the security boxes. If staff understand why they shouldn’t
do it, they will buy into it.”
Improved IT
training for employees and better housekeeping would also minimise unnecessary
calls to a company helpdesk, he says. Approximately 40 per cent of support
calls were password-related problems that could be cured by the user.
The full
Network Associates Healthcheck research is available on the Personnel Today web
site at www.personneltoday.co.uk
The Network Associates’ prescription for a healthy
e-business
Elevate the care of your e-business health
to the board – it’s a strategic issue
Construct a practical, easily manageable but
comprehensive e-business security policy that reflects your business processes
Review and audit constantly – there is no
room for complacency
Invest in your e-business security
strategy – the ROI will become clear
Train your users in basic security policy
and get their buy-in and understanding
Keep anti-virus software constantly up
to date – otherwise it is useless
Manage your e-business centrally.
Sign up to our weekly round-up of HR news and guidance
Receive the Personnel Today Direct e-newsletter every Wednesday
