Security policies fall behind Internet adoption

More UK firms are offering employees access to the Internet but many are failing to sort out security policies until it's too late

Most UK companies now provide their employees with Internet and email facilities but this has led to more employees abusing their cyberspace privileges, because firms are not enforcing a security policy, according to a survey carried out on behalf of the Department of Trade and Industry.

The DTI's Information Security Breaches Survey found that 89 percent of employees now have access to the Internet, up from 69 percent two years ago. But, worryingly, the number of companies that restrict access to inappropriate Web sites has fallen from 34 percent to 15 percent. Additionally, only 16 percent of respondents said that they blocked or quarantined email. Two years ago, this figure was 57 percent.

Chris Potter, a partner at PricewaterhouseCoopers, said that most companies -- especially small- and medium-sized businesses -- are waiting until they experience a "major breach" in security before putting "effective controls" in place.

"Only one in three companies that suffered an incident involving Internet abuse already had a contingency plan in place to deal with it. Where such plans did exist, however, most proved very effective at handling the problem," he said.

Johanna Severinsson, marketing director of EMEA at Internet management company Websense, said that providing unrestricted Internet access is not only a distraction for employees but raises "serious security implications" for companies.

"Every company with Internet access has a responsibility to ensure it is managed in order to protect both their shareholder value and their employees," she said.

The survey was compiled from about 1,000 telephone interviews carried out by PricewaterhouseCoopers, funded by Microsoft, Computer Associates and Entrust, among others. The full results will be published during the InfoSecurity Europe conference in London next week.