‘Private internet use by staff threatens IT security in Danish companies’, says IDC

COPENHAGEN – SEPTEMBER 13, 2006 – CORRECTION: Please note: This release was sent out on 13/09/06 with an error. In the 2nd paragraph it stated: 'And the risk of infection is about a.5 times greater among companies that allow free, private use of the Internet by staff than for those that do not allow private surfing."

Please note, this should NOT state a.5, this should be 3.5.

IT analysis company IDC has recently published a new survey containing some alarming results: within the last year, almost 40% of companies questioned had experienced malicious software (malware) in the form of a computer virus or worm. And the primary source of these viruses and worms is no longer emails, but surfing on the Internet.

"There is a common misconception that emails constitute the biggest security threat from the Internet," said IDC Denmark's managing director, Per Andersen. "But the survey shows that up to 30% of companies with 500 or more staff have been infected as a result of Internet surfing, while only 20%-25% of the same companies experienced viruses and worms from emails. And the risk of infection is about 3.5 times greater among companies that allow free, private use of the Internet by staff than for those that do not allow private surfing."

Some 200 Danish companies took part in the survey, carried out on behalf of software company Danware.

IDC: IT Policy Must be Followed up With Action

The IDC survey paints a picture of Danish companies having great faith in their staff, which consequently means that they expose themselves to greater risk of threats from the Internet.

Even though a good 75% of the companies taking part in the survey have implemented IT policies, the vast majority allow their staff to use company Internet access for private purposes. And among companies that do not allow private use of the Internet, an estimated 30% of management state that staff are using the Internet anyway for private purposes during working hours.

Even though companies are, in this way, exposing themselves to attacks by viruses, worms, and Trojan horses, a direct ban on staff use of the Internet for private purposes is neither a long-term nor a realistic solution. According to IDC, it would be more expedient to strengthen the monitoring of Internet use by staff.

Adds Per Andersen: "Today our work and private lives are so interlinked that it is unrealistic to think in terms of a ban on the use of company Internet connections for private purposes. We would advise companies to do more to follow up on the fine print and agreements in their IT policies. There are many monitoring tools that can give management an overview of time spent and behavior patterns of staff on the Internet. And it can certainly be done in such a way that it does not constitute outright monitoring of the actions of every member of staff."

Danish IT Security Expert: Take Note of Home Use by Staff IT security threats come not only from Web sites with erotic or pornographic content, which are often those most under suspicion. An "innocent" activity such as active participation in an online poker Web site can also have serious consequences.

"One overlooked risk factor is surfing at home using the company's Internet connection," said Preben Andersen, general manager of the Danish Computer Emergency Response Team (DK-CERT). "A good example is a so-called Trojan horse, which users of a poker Web site got when they downloaded a help program from the site. The program gave those behind the Trojan horse the opportunity to transfer files to the computer and run them. There is no limit to the consequences this can have for a company if those behind the malware are intent on doing damage to the company."

DK-CERT is an independent unit under UNI-C, which monitors IT security in Denmark. DK-CERT deals with about 600,000 security events annually.

For more information about this press release, please contact Per Andersen (see above for contact details).

About IDC

IDC is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy. Over 850 IDC analysts in 50 countries provide global, regional, and local expertise on technology and industry opportunities and trends. For more than 42 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. You can learn more about IDC by visiting www.idc.com .

All product and company names may be trademarks or registered trademarks of their respective holders.