SECURITY
UK firms lack security controls: report
11-04-2006
by Ciara O'Brien
UK businesses are failing to secure their networks, leaving their financial transactions and customer information exposed, a new survey has revealed.
Despite all the warnings, it seems that an alarming number of companies have not adopted the security controls needed to properly protect their customers' information.
The 2006 Department of Trade and Industry's biennial Information Security Breaches Survey found that while most large organisations appear to have adopted best practice regarding network and data security, smaller firms are less likely to do so.
Some 78 percent of larger firms who accept financial transactions encrypt the data they receive, fewer than a third of smaller firms adopted the same practice.
Despite this discrepancy, the majority of respondents in the survey -- 90 percent -- claim to recognise that protecting customer information was important and a justified investment in security.
The survey also found that adoption of traditional security technologies, such as firewalls, remains high. However, newer technologies are being adopted at a faster rate than the controls to protect against their misuse. For example, wireless networks are still being left exposed as firms fail to implement the correct security controls.
The security implications of using Voice over IP (VoIP) has also passed some companies by, it appears. Only half of those in the survey who implemented the technology evaluated the security risks, despite the fact that VoIP enables a channel to be opened through the firewall.
This worrying attitude to security seems all the more foolhardy, given the current risk environment. In recent times, there has been a rise in the number of companies that reported an attack on their internet or telecommunications traffic. More than a quarter of those affected by attempts to break into their networks said they suffered at least one significant attempt every day.
"It is encouraging that companies recognise the value of secure e-commerce to their business, however some still have work to do to put secure controls in place to satisfy their customers," said Andrew Beard, director from PricewaterhouseCoopers who led the survey.
"Somewhat worryingly, the number of attacks on websites is rising and half of the attacks reported by respondents were described as serious."
This latest blow to UK firms comes only weeks after preliminary information from the same survey identified excessive and inappropriate web-surfing as a major security risk. The survey claimed that internet use of this type reflected badly on British companies' reputations.
Building your list: Denise Cox says that in order to build a subscription list you need to be proactive about securing subscriber attention.
