Security Pros Lax At Protecting Their Own Computers

Who has the most secure telecommuting and home computer setups? Security professionals would seem like a safe bet.

Good guess, but ... No.

PKware, a security company that focuses on data transfer and storage, surveyed security professionals at last month's RSA Security Conference and got some surprising results. The survey showed that while 86% of more than 100 respondents were very concerned or extremely concerned about their confidential personal information falling into the wrong hands, almost one-third admitted they don't use any tools to ensure that the files they send and store are protected.

When findings like this come back about general users, security managers typically say it's a lack of education. Well, not in this case. These are the professionals who are trained to safeguard corporate networks and critical information.

"We were surprised at the results of the survey, given the respondents were security and IT professionals at some of the most security-conscious organizations in the world," Tim Kennedy, president of PKware, said in a written statement. "It shows that this is not just a user education issue, but one that comes down to the classic struggle between usability and security. We have to make it as easy as possible for people to integrate data security into their everyday lives, making it a seamless part of existing business and consumer communication habits."Kennedy also noted that the number of communications between remote workers and headquarters is on a sharp incline. Add to that the increasing number of transactions that take place between individuals and any number of service providers, including attorneys, realtors, tax advisers, and doctors, and there's a growing need to make sure those communications are private and securely stored. That will be even more true as the April 15 tax filing deadline approaches and a growing number of people file online.

"More individuals need to take the stringent security measures at their workplace and extend them to home use," said Kennedy. "Even though enterprise IT departments are constantly devising approaches and policies that ensure that the corporate network is both efficient and protected from online threats, these measures are not always integrated with remote use. Users must become more proactive about securing their e-mails and files and take ownership for these risks."

The need to secure home networks was highlighted last month when Cisco Systems advised its customers that 77 of its routers are vulnerable to a new form of attack called drive-by pharming. Running the routers, most of which are for home or small-business use, with the out-of-the-box password leaves users open to attack.