Identity Theft Expert: Employee Behavior Online Warrants Computer Security Alert System
(June 13, 2007)--News reports have indicated that a group of countries in the European Union made major strides in finalizing an alert system for business computer security. Robert Siciliano, a widely televised and quoted personal security and identity theft expert, welcomed the development as he pointed to a London-based computer security company's research, which revealed that mobile employees, especially, display risky behaviors in their computer use.
"It may be that those who take computer risks with their employers' equipment adopt an 'it-can't-happen-to-me' attitude," said Siciliano. "Or, they may simply believe it isn't their responsibility. And when computer security risks remain abstract, these attitudes are easy to have. The solution might be to add third-party alerts that drive home the notion of individual responsibility."
CEO of IDTheftSecurity.com and a member of the Bank Fraud & IT Security Report's editorial board, Siciliano leads Fortune 500 companies and their clients in workshops that explore consumer education solutions for security issues. A longtime identity theft speaker and author of "The Safety Minute: 01," he has discussed data security and consumer protection on CNBC, on NBC's "Today Show," FOX News, and elsewhere.
As reported by InfoWorld on June 5, a group of 27 countries in the European Union have moved closer to forming a European Information Sharing and Alert System (EISAS). The EISAS will include means to notify small and medium-size businesses of IT security threats. According to the article, input from the countries' delegates at the European Network and Information Security Agency (ENISA) conference this past week will become part of a related, final feasibility study to be published later in June.
"Computer security faces many hurdles," said Siciliano. "One is the method by which computer users in business learn of threats. In many places, it seems like the news media function as the main channel for alerts—alerts that often come after much damage has already occurred. It's a reactive system. Uniformity of response, like what the ENISA is working on, takes us a many steps closer to true, proactive response."
Also on June 5, London-based SurfControl PLC, an Internet security company, posted a press release to announce findings of the firm's new "Trust & Risk in the Workplace Study." The report, which explored attitudes toward and behaviors surrounding computer security in the workplace, demonstrated that employees in all regions take security risks, and that mobile users take more risks than desktop users.
For instance, SurfControl's study found that laptop users took more risks than their deskbound colleagues, and that some laptop users accessed the Internet through potentially insecure network. Risky activities included the use of USB keys and instant messaging, the downloading of music, and the sending of confidential information via email, and two thirds of the sample indicated that they would blame their employers if confidential data were stolen from their work computers.
"Even in business situations, with mobility comes the illusion of less need for security," said Siciliano. "The exact opposite is the need. With a global alert system, a mobile employee who might otherwise feel free from needing the protection of his employer's internal firewalls will receive those constant, third-party reminders that will prompt him to remain vigilant and to exercise care."
Share or bookmarklet this web page at: