Companies are creating security risks through sheer complacency, claims the British Computer Society (BCS). The organization, which attempts to raise IT standards, insists that theft, fraud and loss are likely to increase unless firms wake up to the reality of IT security.
Use of laptops, increased workforce mobilization and the threat from insiders are all areas highlighted in the annual BCS Review 2005 – the book in which the claims appear.
But industry watchers have said that the fault could lie elsewhere. "Vendors and the media don't help," said Clive Longbottom, head of research at analysts Quocirca. "What I see is confusion rather than complacency. All businesses keep hearing is 'The sky is falling in'. It really doesn't help."
Longbottom insisted that constant news reports and marketing blur the line between real security problems and those that can be ignored. He also pointed to a lack of understanding at board level as an endemic security problem.
"I think the gap between the board and IT professionals is still massive," said Longbottom. "The board expect systems to be automatically secure rather than having to spend money on them. When they finally release funds you get bolt-on solutions; what is required is a more embedded approach."
The BCS has issued six "golden rules" for mobile security in response to its findings. The tips include enforcing use of company mobile devices only, recording serial numbers of PDAs and mandatory encryption.