UK firms failing on basic IT security

Non-random password protection can easily be hacked

UK businesses are still failing to implement internal security procedures despite growing awareness of the potential consequences, according to new research.

A report from the security division of value-added distributor Bell Micro pointed to an increase in the use of mail filters and firewalls.

But a high proportion of respondents still receive unwanted email from apparently reputable sources.

Even more surprising was that, when asked about password protocols, 56 per cent believed that colleagues' passwords commonly reflected names of family members or favourite sports teams.

Such information can easily be gleaned from social networking sites, which 41 per cent of respondents are permitted to visit by their respective companies.

"The areas of concern that become apparent from this research unfortunately seem to point to staff as the weak link in the security chain," said Steve Browell, general manager of Bell Micro's security division.

"There is still too much reliance on non-random password protection which can easily be hacked by identifying personal information freely distributed on social networking sites.

"This is despite readily available solutions on the market which are already protecting against these issues."

A staggering 73 per cent of respondents were also willing to confirm their mother's maiden name to researchers - a prime example of sharing personal information that is traditionally used as a password or prompt when accessing online accounts.