Sloppy staff pose risks for firms

Office workers' sloppy behaviour is putting their employers' reputation and financial security on the line, as it makes it easier for outsiders to get sensitive information, a report said.

Password: Barney. Easy to guess passwords make it easy for intruders

Attacks from hackers and viruses may get the most attention, but staff behaviour causes the greatest problems, Fujitsu Services, the report's authors said.

"Most attacks are perpetrated by opportunists," Fujitsu said.

Fujitsu has identified ten areas where it recommends action should be taken.

1. Personal computers

Workers must be aware of the risks involved when they plug their PDAs and laptops into their companies' systems.

Poor backup arrangements for private computing kit can create increased risk of loss of data.

The link between such equipment and central networks can cause viruses to spread.

2. Private accounts

An employee's computer account is private and should remain so.

PDAs can cause viruses to spread in a corporate system

Sometimes, employees let new recruits or temps gain access to the corporate network via their own accounts.

This could inadvertently give them access to secret files such as personnel matters, contract negotiations or a company's plans for the future.

3. Remote printers

Staff working from home using corporate networks should take extra care when printing documents.

Accidentally printing sensitive documents via the network rather than on the home printer could leave sensitive documents lying on the office printer for anyone to see.

4. WiFi

Employees who work away from the office should be wary about working with sensitive issues while using WiFi in, for example, coffee shops.

Such wireless networking systems are not safe. Even connections that use Virtual Private Network may not be secure.

5. Former colleagues

Staff who leave could cause damage, either inadvertently or (if they left on bad terms) intentionally, so their colleagues and managers should make sure their remote access to corporate systems is severed immediately after their departure.

In large organisations, it is important that the IT departments are told when people leave.

6. Insecure passwords

Apparently, it is quite common for employees, even senior managers, to keep their password under the keyboard. Don't. Keep it safe.

7. Sneaky access

Staff should lock their computers when they leave their desks.

Home workers must take care when they print

Employees must take care not go to meetings or for lunch without first preventing others from accessing their emails and network drives.

Colleagues or others might send emails from an individual's account, causing embarrassment or even legal difficulties.

Or worse, sensitive information could fall into the wrong hands.

8. Easy to guess passwords

Many workers choose obvious passwords that can provide easy access to corporate computer systems.

9. Gadgets

Staff should be aware of outsiders, who may bring tiny audio recorders, memory sticks and camera phones into offices. These devices make it easy for outsiders to record corporate data and smuggle it out.

10. Theft

Theft from offices remains a major threat to companies' security. PDAs, laptops and memory sticks lost while on the road could also give outsiders access to sensitive data.