When security threats are closer to home – literally
I had an interesting discussion with a couple of colleagues on the value of consumer security research to the business community. They argued that a business is not really interested in what home users do and, moreover, the security risks are minimal in a household when compared to the risk businesses have to manage.
Granted, the risks are greater in a business environment, but there are two key elements linking the home and the office – people and technology. What we often forget is that user behaviour is strongly influenced by activities outside the office, not within it.
User behaviour
More to the point, how people use technology at the office is a reflection of how they use it at home – and this can have a negative effect on security in a business.
To explore behaviour and attitudes towards security and technology in US households, GFI interviewed 500 parents and their teenage children. You can read the full report here; however, I would like to take a few results to highlight how a user’s behaviour at home can impact security in a business.
The survey shows that nine out of 10 parents said they had antivirus software installed on their computers – nothing surprising there – but what is worrying is that only 28% of these said they update their virus definitions daily. Twenty-four percent, yes, one in four, were not even sure if their AV definitions were being updated at all.
These results strongly indicate that most parents are confident that so long as antivirus is installed on their computer they have nothing to worry about. Such is the false sense of security among parents and teens that 76% and 77% respectively said they are ‘very’ or ‘somewhat’ confident that they won’t be infected by a virus.
It does get worse. Nearly two-thirds of parents (65%) said a virus had infected their home computers, with 55% of them saying this had happened more than once, and 62% describing these attacks as ‘somewhat’ or ‘very’ serious. Forty-seven percent of teens said their computer had been infected by a virus at home.
Root of many security issues
This lax approach to security, fuelled by a lack of education, over-confidence and the false belief that an AV product is enough to protect their machine, is the root, I believe, of many of the user-related security issues that businesses face on a daily basis.
This brings me to one statistic that defines the link between home user behaviour and security at the office. Ninety percent of parents use their work computers at home for personal business, and of those parents, 37% say they let their teens use them as well.
That computer is now a security risk. Here we have a computer, probably a laptop, in the hands of a teenager who can’t wait to go online and start browsing, chatting on Facebook and downloading music, videos, films and so on. With 53% of teens admitting that they visited porn sites, for example, the risk of a malware infection on the work computer greatly increases. Although most work PCs have AV installed, today’s teenagers are clever enough to shut it down, especially if they want to download some software. They also know how to hide their tracks well. According to the survey, 42% of teens have deleted the browsing history on the computer to hide what they have been doing online from their parents. Thus, any risky online behaviour on their parents’ computer may not be evident and any ‘damage’ caused may not be discovered until it is too late.
Beware of those devices
Although most companies say they have strong security measures aimed at preventing malware from entering the network when portable devices are connected to it, 42% of parents said they are not required to take any security measures before connecting their computer (or any other device) to the network.
This is a perfect recipe for a serious security incident and it also shows how vigilant businesses need to be. If their employees show little or no concern for security at home, how can they be expected to follow basic security best practice at the office? Unless that business has layer upon layer of protection (web filtering, AV, log management, etc.), employees become as great a risk as a malicious hacker looking for weaknesses in the network.
The more we understand how technology is used at home, the more we can understand how users will behave in other environments, especially at work. With this insight businesses can take preventive action before something happens and create more effective policies.
Ultimately, it all boils down to one word: Education.
There’s also a study that stated that home PCs are more prone to viruses, spam, and malware because most of their AV tools are free and therefore offer only limited protection. Most PC users at home are satisfied with the free antivirus software they have, not knowing that it does not offer a comprehensive solution.
The other factor that adds to home PCs’ insecurity is their users – especially the kids. Children are very gullible. They click and click what they find cool or flashy. They download games, photos, mp3s, and movies from unreliable sources.
I agree. That’s why malware attacks are most prevalent at home. Online scams and email spam are also most common among home computer users. That’s why I always see to it that all my PCs at my house are protected – especially the ones used by my kids.
Aside from anti-virus software, I also have Internet monitoring applications installed on my kids’ laptop and desktop. This way, no online and offline attacks will get through. Although they cost me money, it’s considered a best practice. Anti-virus alone is not enough these days.
Education is certainly the ideal solution, but I think of this in terms of the end user. Most people drive their cars until something goes wrong with them. They don’t run performance tests and inspections to figure out where potential dips in operation are. And in so many ways, people treat their computers the same way they do their cars. The fact that most antivirus software offers a wealth of options and settings is ideal for someone who takes their security seriously enough to know exactly what they want and set up their scans appropriately. But most people would just prefer something that runs in the background, rarely interferes with what they want to do, doesn’t gobble system resources, and takes care of itself without user input. Obviously such a system would be a fantasy for clever malware programmers, but if you really want people to have updated definitions and regular scans, just do it without asking them. Sadly, I bet that would go a long way to improve overall security.
The worst is when parents use their home computers for business. In this case this seriously exposes company secrets and other valuable data. If the home computer is used just for fun, then I wouldn’t worry that much but when I know that my workers are working from home, their lack of appropriate security makes me sick.