Shivani Shinde/Business Standard
Mumbai, Feb 7: Employees who forward office documents and emails to personal email accounts pose the greatest security risk to an organisation, according to a report by Websense.
The study notes that the problem is severe in the banking, financial and insurance services (BFSI) and IT-BPO sectors.
The other disturbing trend is that despite security solutions and systems in place, 49 per cent of the employees receive spam mail on their official IDs. This implies that many official/corporate email IDs are available on the internet.
IDC, a market intelligence firm, has identified some key trends on the web that organisations need to be prepared for.
These include web 2.0 technologies, blended web-based threats and data loss prevention. Analysts believe the threats are getting sophisticated by the day and are able to evade traditional security solutions.
Surendra Singh, regional director, SAARC and India, Websense, said, "While organisations deploy enough anti-virus and gateway-level security, not much is being done at the web security level.
"Awareness regarding web security is still very low. While some sectors such as the IT-BPO are proactive, others are not on par to tackle web 2.0 issues. The other problem is that patches are not updated regularly. In some cases, delays range from a few days to a month."
The employee computing risk assessment (ECRA) study, which Websense conducts, highlights the security and financial risks faced by organisations due to web surfing by employees and also showcases the potential productivity loss and bandwidth abuse.
While conducting ECRA for a software development firm in India with 2,500 employees, Websense monitored almost 14,308 hits to sites that may create legal liability issues for the company.
Categories that fall under legal liability include proxy avoidance, adult material, violence, militancy & extremism, hacking, gambling and weapons.
The agency also monitored about 316,338 hits to sites that could pose a security risk. Categories under security risk are spyware, keyloggers, phishing and fraudulent sites, freeware and unwanted software downloads.
There are two reasons for this state of affairs. The first is that despite security threats and damages to organisations, budgets continue to be an issue.
Ideally, organisations should reserve at least 10 per cent of their IT budget for security. Secondly, while most firms have security policies in place, they are not communicated to the employees in the right way.
IT managers of over 450 organisations in India across verticals and representing almost 150 medium and small enterprises participated in the study, which was commissioned by Websense and conducted by the Nielsen Company.
Danger Zone
Employees sending work documents to personal email IDs
Employees clicking on links within emails sent by unknown people
Employees using their work computer for personal activities
Employees mailing company information without appropriate authorisation