Employees the 'weakest link' in IT security

In the most serious cases companies found staff accessing child pornography

Staff who log on to 'inappropriate' websites are the second largest cause of security breaches in corporate IT systems, according to a UK government report.

The 2006 Department of Trade and Industry biennial Information Security Breaches Survey found that 41 per cent of the worst incidents involved staff accessing "inappropriate websites".

Some 36 per cent of the worst incidents related to "excessive web surfing", and in the most serious cases companies found staff accessing child pornography.

"The problem with giving employees easy access to email and the web is that the potential for damage is immense," said Ian Bowles, senior vice president at security software firm Clearswift. 

"Despite an increased awareness of the issue, employees are still the weakest link in the security chain."

However, Chris Potter, a partner at PricewaterhouseCoopers, which carried out the survey, said that companies are getting wise to employees' surfing habits. 

"As companies implement better controls around email and web usage, they tend to detect misuse already happening," he explained.

"Where those businesses have an acceptable usage policy in place, they are nearly three times as likely to detect misuse as those that do not."

The report also found that the number and speed of internet connections had increased slightly since 2004. Around 97 per cent of UK companies now has an internet connection, 88 per cent of which are using broadband.

This is up from 93 per cent of companies with internet access in 2004, when most small business connections were still using dial-up.

The full results of the survey will be released on 25 April at Infosecurity Europe in London.