Employees major factor in increasing spread of viruses

The survey, conducted by market research firm TNS on behalf of network systems provider Novell UK, questioned 1,000 office workers across the UK. Two thirds of the respondents admitted to being unaware of even the most basic virus prevention measures. Perhaps even more alarmingly, 90% stated that they have no role to play in preventing the spread of viruses, leaving that responsibility to "their IT department, Microsoft or the government".

Many modern viruses, including the original strains of the MyDoom virus, are transferred through e-mail systems. It is therefore vital that employees are aware of the role they must play in protecting network and information security.

While organisations should put in place system measures, like anti-virus scanners, to prevent the spread of viruses, Novell states that reliance on these measures alone will never be sufficient. End users must be made aware of their individual responsibilities, and educated about the proper management of e-mail and prevention of viruses spread through e-mail systems.

As well as proving a technical headache for organisations left to deal with the virus, failure by employees to implement basic measures may also put organisations in breach of their general obligations to keep information secure.

Steve Brown, managing Director of Novell UK reached the following conclusion:

"Unless UK businesses start to take end user education seriously, we are going to see the impact of cyber crime spiral in 2004."

The survey threw up some other rather alarming results about employees' views on computer security. A third of the respondents write down their computer passwords so that they don't forget them, with one in ten leaving passwords written on a post-it note on their desk. 58% of respondents also regularly forward spam to friends and colleagues.

Employers must ensure that, in addition to network security measures, employees are aware of their role in information security. This should be included in a company's internet and e-mail use policy, and should be backed up with an active education programme. Issues to be considered will include the proper management of desktop systems (installing virus updates and not downloading unsafe software) and the proper use of e-mail systems.