Interview: Websense gives lessons in laptop safety

Websense technical director Mark Murtagh argues that firms should impose strict laptop usage policies to prevent mobile users undermining security

IT Week: As technical director of Websense, a vendor of online security tools, can you describe the typical problems caused by staff with laptops?

Mark Murtagh: We compare a laptop to a company car. You would not customise your car so your laptop should be the same, but this is not the case. In our recent survey we found that five percent of users had visited hacking web sites, nine percent used peer-to-peer applications such as Kazaa and Morpheus, and 19 percent admitted to downloading film, software, music and games. Also, almost half of all respondents admitted to letting other people use their laptops - these are completely untraceable users who could have been doing anything.

Are there particular problems that are likely to afflict firms in the UK?

We surveyed 500 employees across Europe who were using laptops as their primary machine. Although there were some differences nationally - in the UK for example people were more likely to lend their laptops to non-company people - we saw pretty much the same issues popping up across all the countries.

What can IT managers do to reduce the danger to companies?

Well, it is not easy to lock down a machine, but you need to do certain things. You can create acceptable usage policies to prevent problems occurring, but even those companies that have such policies can be lacking in understanding and awareness of the more malicious threats.

So education must play a part as well?

Of course. As an example, only seven percent of those we polled could correctly define spyware. It is a problem that cannot be ignored. People often do not understand the terms of conditions of things that they are downloading, so this can lead to many installations of [notorious spyware] such as that by Gain . If they had read [the terms] properly they would not have infected their machines with spyware.

How well are companies reacting to the threat from laptop misuse?

Not very well. Just 55 percent manage employee access, while 25 percent have some sort of software download policies in place. Where written internet and mobile equipment usage policies exist, only 30 percent of firms specifically request a signature of compliance from the user.

Is spyware a serious security problem?

Yes, for example there are some keystroke loggers that come to life only when you visit an SSL [Secure Sockets Layer-protected] site or input keywords relevant to business or financial transactions, and then they harvest that information. It is becoming a lot easier to create these things and get them on to user machines. We are having to constantly stay ahead of the pack. Spyware and phishing attacks are two of the biggest threats facing companies. It is important that as a vendor you can offer an end-to-end security approach to protect against such problems.

ABOUT MARK MURTAGH

Mark Murtagh is technical director for Europe at Websense, a US-based vendor specialising in systems to help firms manage the way their employees use the internet.

Websense was founded in 1994 as a value-added reseller of firewalls and other internet solutions.

Before he joined Websense in 2000, Murtagh was employed as an IT security consultant, first at ICL and then at Fujitsu.