UK Security of Wi-Fi Networks, VoIP and USB Devices Still Lacking

A new survey by the National Computing Centre reveals that virtually all organizations are now addressing external IT security threats through measures such as virus detection, spam blocking and firewalls, but the security of Wi-Fi networks, Voice over Internet technologies (VoIP) and liabilities posed by small USB storage devices still have to be addressed by many.The NCC Benchmark of IT Strategy 2007 which examines current trends in IT strategy amongst end-user organizations, including security issues, reveals that 40% of respondents have only partially secured their wireless networks, or not secured them at all, whilst only 15% of respondents have implemented VoIP security.

The National Computing Centre is encouraged to see the widespread adoption of internet security but warns organizations using unsecured Wi-Fi to act quickly to close this security liability.

Stefan Foster, MD of NCC Ltd. said, "Running unsecured Wi-Fi is like locking the front door, but leaving the windows open. Fraudsters are increasingly targeting IT systems and the growing use of Wi-Fi is attracting their attention both inside and outside of the office environment. Unsecure wireless is putting organizations and those who interact with them at unnecessary risk."

Following recent news stories, it is not surprising that the protection of data on laptop systems is an area of considerable growth, with 20% of respondents reporting security currently implemented and over 20% reporting it under development or planned.

However, the proliferation of small, high capacity USB data devices has introduced a new security liability into many organizations. Nearly 75% of respondents recognize that this liability will need to be addressed but only 11% have fully implemented controls on USB/data writing devices on the desktop.

"Much IT related crime comes from within the organization so it is alarming that 25% of respondents indicated that formal security training for end-users was "not relevant" or "not considered" and only 40% indicated end users security training was fully or partially implemented." said Foster.

The Benchmark also reveals that:

* Just over 60% of respondents reported employing some IT staff who are mainly or completely engaged in IT security activities, but the incidence of security experts correlates very strongly with the size of the IT function - over half of those with fewer than 25 IT staff employed no security specialists.
* The median estimated level of expenditure on IT security was 3.3% of total IT spending (staff and capital costs).
* The highest proportion of security spending was reported by the Education sector, but the highest per-capita IT spending levels were reported by the Finance sector.
* There is rapidly growing interest in authentication procedures - 40% of respondents reported single sign on access control for end users, but it was under development or planned by nearly 30%.

To assist organizations in implementing Wi-Fi security, the NCC is making freely available a downloadable copy of its Guideline, Wireless -- technology with no strings attached from www.nccmembership.co.uk

Free IT security advice and guidance for small to medium sized organizations, provided by NCC, can be found on the IT and eCommerce section of the Business Link website (www.businesslink.gov.uk), where users can also assess their own risks using the IT Risks tool (www.businesslink.gov.uk/itrisks)