Most IT acceptable use policies contain ‘gaping security holes’

Small- and medium-sized enterprises (SMEs) are leaving themselves vulnerable to security and compliance risks by not having internet acceptable use policies (AUPs) that address the latest and most dangerous internet-based threats, a new study has warned.

According to a poll of IT administrators at 500 companies carried out by security firm St. Bernard Software, four key IT threat areas were found to be commonly missing written AUPs. These so-called gaping holes in AUPs include clauses to cope with use of spyware, inappropriate surfing, instant messaging and P2P networks.

In addition, it was found that the majority of these organizations had no perimeter security solution to defend against these threats or manage and enforce policies.

Every day, these internet-based threats try to exploit networks and expose SMEs to security breaches, legal liability, lost productivity and the erosion of network resources, the report warned.

Some 70 percent of organizations have not addressed spyware in their AUPs; 64 percent have not addressed inappropriate surfing in AUPs; 72 percent have no mention of instant messaging use and the same percentage of firms neglects P2P use.

"This survey reveals a high percentage of SMEs are leaving themselves open to abuse of corporate AUPs, either because they are ambiguous or incomplete or that there are no IT solutions in place to make sure employees abide by policies and company rules," said John Jones, chief executive officer of St. Bernard Software.

"By understanding what's at risk, SMEs are better equipped to meet threats head-on. The first step should be to develop a security policy and an acceptable use policy that support their business goals, and are detailed enough to include all the issues they might encounter."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.