Worst computer incidents blamed on employees
Digital cameras, MP3 players and handheld computers could be the tools that disgruntled UK employees use to sabotage computer systems or steal vital data, warn security experts.
The removable memory cards inside the devices could be used to bring in software that looks for vulnerabilities on a company's internal network.
The innocent-looking devices could also be used to smuggle out confidential or sensitive information.
The dangers disgruntled employees posed was highlighted by a survey showing that almost half of the most serious security incidents businesses suffered last year were caused by company workers.
Inside edge
The figures were revealed in the Department for Trade and Industry's annual Information Security Breaches report, which was released at the InfoSec trade show at London's Olympia.
It showed that 48% of large companies blame their worst security incident on employees.
By contrast, the 2001 edition of the survey showed that 75% of those questioned named external hackers and criminals as the biggest threat to security.
Incidents include everything from virus outbreaks, browsing inappropriate pages using company computers, committing fraud or cracking corporate computer systems from the inside.
One way that unhappy employees might try to damage computer systems is by smuggling in programs on devices such as digital cameras, handheld computers and MP3 players.
"Internal hacking is really happening," said Michael Longhurst, principal security consultant for Luxembourg-based SecureWave.
Mr Longhurst said because digital cameras, MP3 players and handheld computers swapped information with a PC they could be used for nefarious purposes.
The memory cards used by digital cameras and some MP3 players have storage capacities of hundreds of megabytes - more than enough to store hacking programs that can be used to look for vulnerabilities on internal networks.
Disgruntled employees could easily load hacking software on to the memory card for their digital camera at home, transfer the software on to a PC at work and let it run loose, said Mr Longhurst.
Many companies were now installing software that watches for computers doing things on an internal network they should not be doing.
Loose lips
Employees can be a security hazard in other ways too.
Workers unfamiliar with computers or who blithely open files attached to e-mail could kick off virus outbreaks or inadvertently aid hackers trying to get access to an organisations internal network.
Customer service staff at call centres can also cause security headaches for companies if they are not trained to spot or deal with people who call and try to extract information about passwords and customer accounts.
"Hacker Kevin Mitnick has gone on record to say that that he rarely used technology," said Chris Pick of security firm Pentasafe. "Instead, he used social engineering to get the information he needed."
Mr Pick said the Human Firewall Council had been created to advise companies on the best way to educate staff about security.
Properly educated staff will choose passwords that were hard to guess, knew to be suspicious of unsolicited e-mails bearing attachments and refused to divulge confidential information, he said.
You can hear more about computer security on Go Digital on the BBC World Service.