Skip to content
Hays - Recruiting experts worldwide
  1. I am
    I am
Browse by expertise

IT security: Businesses must be able to look after themselves

Internet users cannot rely on the IT security industry alone to defend their systems and networks against online attacks.

The IT industry can only do so much to protect businesses and consumers against online threats. Millions of pound each year are spent combatting internet crime and trying to keep up with illegal online activity, in what constitutes a perpetual game of cat and mouse. The advent of cloud computing has made it easier to provide constant IT support, with security providers able to deliver software – and crucially, product updates – over the internet. In 2011, web users no longer need to purchase new off-the-shelf products to respond to the latest dangers, as they can simply download upgraded security tools online. But with potentially rich rewards on offer to hackers who hi-jack confidential information, there is no shortage of skilled individuals looking to make a fast buck through illegal means online.

A recent Detica report indicated that cybercrime costs the UK economy £27 billion per year, highlighting the extent to which fraudsters stand to gain. Innovation is rapid in cyberspace, and unfortunately for the IT security industry, the perpetrators of malware and virus attacks, phishing scams and data theft are often highly talented programmers. As such, they are able to stay one step ahead, enabling web-based threats to persist. However much the IT security industry invests in incident prevention, it is impossible to guarantee 100 per cent online protection. Indeed, a large chunk of the responsibility for data security needs to be taken by internet users themselves.

Dan Nadir, senior director of consumer products at Norton, raised this point, saying it is important for people and businesses alike "to think seriously" about how they are protected online. "We're constantly trying to educate people around the dangers of online threats," he stated. Mr Nadir said that with additional education comes increased awareness of IT security threats, along with a more considered approach to how people use the internet. This may encourage people to be more careful with personal information, he said, and make them think about the data they are willing to make available to third parties.

Mr Nadir added that there is "no substitute for education and awareness" when it comes to defending against all manner of online threats. Until web users realise the nature of the threats they face, and take all necessary steps to defend their accounts, files and data, they are potentially exposed. "Even perfect security software cannot prevent a user from unintentionally giving out too much information online," Mr Nadir noted, illustrating the need for individuals to take greater responsibility for their own internet activity.

Back in December, Redscan IT security analyst Simon Heron said that taking simple steps such as creating more complex passwords can help protect business networks. He explained that many employees still use relatively simple access codes which are easy for hackers to guess, despite the persistent warnings they have received from the IT security industry. Not only this, but they use them across multiple accounts, potentially leaving both business and consumer data exposed. Mr Heron stressed that employees have got to start thinking of strategies to make more complicated passwords in order to "outfox" the fraudsters. He advised business IT users to adopt combinations of letters and numbers to create passwords which are complicated, but can be traced back to a personal reference point if forgotten.

Some businesses may be able to reduce their exposure to IT security threats by hiring professionals with expertise in this area. Nicholas Lansman, secretary general of the Internet Services Providers' Association (ISPA) noted that security specialists are "incredibly important" in business. They can not only manage networks, but potentially also offer additional guidance and support to other employees within a company – helping to reduce the overall security risks faced. Clearly this involves some additional investment on behalf of the company, but given the costs associated with a data leak – both financial and in terms of reputational damage - additional recruitment could just prove to be money well spent.