UK firms failing security challenge

Despite repeated warnings, many British businesses haven't come to grips with the security needed for wireless networks or remote access

Many UK companies are running wireless networks and allowing remote access to their IT systems without having implemented the necessary security.

Research published on Tuesday found that over half of companies with wireless networks say they are not running any additional security, despite experts repeatedly warning that wireless access points are particularly vulnerable to a hacking attack.

The study, part of the Department of Trade and Industry's (DTI) 2004 Information Security Breaches Survey, found that 8 percent of companies know they have experienced a hacking attack on their network. Twenty-three percent said they didn't know whether they had been attacked.

One in seven of those that knew they had been targeted said they had suffered over 100 attempts.

The survey also found an increase in the number of companies that allow employees to work remotely. However, many are failing to implement security measures such as VPNs and are relying just on password protection.

"Businesses seem to be dragging their feet when it comes to introducing security controls over remote access to their systems," warned Andrew Beard, the PricewaterhouseCoopers advisory director who led the survey for the DTI.

"There are several reasons for this. First, many of those who want remote access appear to be the least aware of the additional risks it entails. Second, the majority of companies do not analyse their security incidents in a way that enables them to identify which are caused by remote access. Lastly, awareness of the available security techniques is poor, leading to inappropriate security controls being deployed," Beard said.