• silicon.com
• Technology
• Security

By Will Sturgeon, 30 April 2004 15:50

NEWS UK businesses are still failing to implement effective email and internet policies that could protect them from downtime, virus attacks and even costly legal action.

The Royal Bank of Scotland recently lost out to an employee who won an unfair dismissal appeal after he was sacked for sending a pornographic email. The man objected to his sacking because the bank had not told him what policy was in place regarding email usage.

And that case is far from unique, according to a number of industry experts. But the message here is clear - companies must ensure that all bases are covered by their policy so that they can maintain stricter control over their networks.

According to figures from McAfee, almost 50 per cent of network attacks are executed by users within the organisation - albeit unwittingly in the vast majority of cases.

Often this is idle curiosity or a naivety about the dangers of opening attachments - especially those which use social-engineering techniques, such as promising jokes, candid celebrity photos or other such salaciousness.

More alarmingly, 95 per cent of staff say they have nothing to do with the spread of viruses, according to Datamonitor.

Much of the problem is down to out-of-date policy and ignorance of the threats faced. Companies are being advised to ensure that all staff know what is accepted, what content can be viewed, what applications can be used and what action will be taken if rules are breached.

Pete Simpson, ThreatLab manager at Clearswift, said: "A lot of corporate policy was drafted several years ago and often it is just one sheet of paper with a few bullet points which just sits in the bottom of a draw gathering dust."

Simpson said policy needs to be constantly reviewed and updated to represent the ever-changing nature of technology.

Simpson said employees may think their boss is being a killjoy banning the use of applications such as Kazaa, for example, but he believes that many users aren't aware of the risks involved.

Spyware, adware, key loggers, Trojans and worms can all find their way onto a PC - even if the user thought they were 'only downloading a song or two' from a peer-to-peer network. Also the problem with downloading copyrighted material such as music or movies is that the company that owns the network is ultimately responsible for its contents.

Ian Schenkel, UK MD of firewall firm Sygate, said: "A lot of organisations have lost control of their networks."

And as such, according to Schenkel, they are exposing themselves to threats on all fronts - from malware to legal.

Greg Day, solutions architect at McAfee, said: "If we could stop users using computer then the world would be a better place."

But given that's a fairly impractical solution, companies need to be far smarter when it comes to educating users and implementing policy regarding the use of internet and email.