Bugwatch: Taking security home

This week Simon Perry, vice president of security strategy EMEA at Computer Associates, stresses the importance of providing security for computer users at home as well as in the office.

As an IT manager, where does your responsibility end?

When staff are in the office you are reasonably expected to monitor, manage and support their technology.

But with 48 per cent of the population now online at home, the need for home-user support beyond premium-rate troubleshooting helplines is becoming apparent.

You probably feel, however, that nobody is going to budget for time spent looking after employees when they're recreationally online at home doing everything you rightly do not allow them to do at work.

It's their personal data and systems that are at risk of disruption, after all.

But with the increasingly complex social engineering tactics used by the latest viruses, your lack of action could come back to haunt you.

Quite simply, if you don't care about these home users, an army of 11.9 million computers - that's all the households in the UK that are online - could be turned against your business.

Think of each inadequately protected home PC as a single pistol. By itself, each is capable of some damage, but their impact becomes devastating when all are aimed at one target in a sustained barrage. It is no wonder we term this attack a distributed denial of service (DDoS).

This brings us back to the issue for the IT manager: it doesn't matter where an attack comes from, the impact on the business can still be devastating.

Recent research from the Office of National Statistics found that 34 per cent of home internet users have suffered from a computer virus.

If just 10 per cent of those infected machines then launched a DDoS attack at a single business, that's more 400,000 guns firing.

I believe we all share a collective responsibility for making the internet a safer community - for the benefit of all of us.

But there's also a clear case for an IT security education programme that extends beyond the boundaries of the four corporate walls, and for companies to take active steps to provide security software for their own employee at a minimum cost.

If policies are implemented in the workplace that emphasise the importance of understanding why security protection is so vital, perhaps something similar can be carried into the home.

The only actions you have to take are to educate and negotiate.