Businesses are failing to secure their Wi-Fi and VoIP networks adequately, leaving themselves open to growing security threats.
IT body the National Computing Centre (NCC) is warning that, although organisations are addressing IT security generally, through virus protection, spam blocking and firewalls, newer technologies are being neglected.
The NCC research found 40 percent of respondents either haven't secured their wireless network at all or have done so only partially. Just 15 percent have VoIP security in place.
Independent IT survey shows the security of WiFi networks, VoIP and USB devices still to be addressed by many [news release]
A new survey by the National Computing Centre reveals that virtually all organisations are now addressing external IT security threats through measures such as virus detection, spam blocking and firewalls, but the security of WiFi networks, Voice over Internet technologies (VoIP) and liabilities posed by small USB storage devices still have to be addressed by many.
The NCC Benchmark of IT Strategy 2007 which examines current trends in IT strategy amongst end-user organisations, including security issues, reveals that 40% of respondents have only partially secured their wireless networks, or not secured them at all, whilst only 15% of respondents have implemented VoIP security.
The National Computing Centre is encouraged to see the widespread adoption of internet security but warns organisations using unsecured WiFi to act quickly to close this security liability.
Stefan Foster, MD of NCC Ltd said, “Running unsecured WiFi is like locking the front door, but leaving the windows open. Fraudsters are increasingly targeting IT systems and the growing use of WiFi is attracting their attention both inside and outside of the office environment. Unsecure wireless is putting organisations and those who interact with them at unnecessary risk.”
Following recent news stories, it is not surprising that the protection of data on laptop systems is an area of considerable growth, with 20% of respondents reporting security currently implemented and over 20% reporting it under development or planned.
However, the proliferation of small, high capacity USB data devices has introduced a new security liability into many organisations. Nearly 75% of respondents recognise that this liability will need to be addressed but only 11% have fully implemented controls on USB/data writing devices on the desktop.
“Much IT related crime comes from within the organisation so it is alarming that 25% of respondents indicated that formal security training for end-users was “not relevant” or “not considered” and only 40% indicated end users security training was fully or partially implemented.” said Foster.
The Benchmark also reveals that:
- Just over 60% of respondents reported employing some IT staff who are mainly or completely engaged in IT security activities, but the incidence of security experts correlates very strongly with the size of the IT function – over half of those with fewer than 25 IT staff employed no security specialists.
- The median estimated level of expenditure on IT security was 3.3% of total IT spending (staff and capital costs).
- The highest proportion of security spending was reported by the Education sector, but the highest per-capita IT spending levels were reported by the Finance sector.
- There is rapidly growing interest in authentication procedures – 40% of respondents reported single sign on access control for end users, but it was under development or planned by nearly 30%.
To assist organisations in implementing WiFi security, the NCC is making freely available a downloadable copy of its Guideline, Wireless – technology with no strings attached from www.nccmembership.co.uk
Free IT security advice and guidance for small to medium sized organisations, provided by NCC, can be found on the IT and eCommerce section of the Business Link website (https://www.gov.uk/browse/business), where users can also assess their own risks using the IT Risks tool.
The National Computing Centre's Conference on Business Continuity is taking place on the 20th September in Manchester (www.ncc.co.uk)
Notes to Editors
The Benchmark of IT Strategy 2007 which is based on the responses of 190 organisations also surveys trends in:
- Business Intelligence
- IT Strategy and Performance Metrics
- Data Governance
- Strategic Applications and Technologies
- Storage agility
About The National Computing Centre (NCC)
The National Computing Centre (NCC) is the single largest and most diverse corporate membership body in the UK IT sector. NCC champions the effective deployment of IT to maximise the competitiveness of its members' business, and serves the corporate, vendor and government communities.
This news release was sourced fromhttp://www.ncc.co.uk/aboutncc/press_rel/IT_Strategy_2007.cfm