06/10/10

By Rik Ferguson

Poor management over cyber-security precautions are having a serious impact on productivity, according to a report from the Government Business Council.

Drawing on a survey conducted in May, which sought the opinions of staff in twenty-eight different government agencies, the report indicates that poorly defined and badly implemented precautions against cyber attack have a negative impact on "information access, computing functionality, and mobility" and cause a severe drain on government productivity.

Bryan Klopak, director of research at the Government Business Council, explained that the executives surveyed during the research believe "cyber-security policies and procedures should be modified," as many prove too knee-jerk and restrictive and should "provide more emphasis on the importance of allowing managers to achieve their agency's mission."

The main culprit was web filtering, according to the survey. In order to prevent information leakage or Trojan attacks, it is common to block access to certain sites from internal systems - but with the growing adoption of Web 2.0 and cloud computing initiatives in both the public and private sectors, such blanket blocking is proving to do more harm than it prevents - around 62 percent of respondents claiming that the blacklists have prevented them from getting access to information required for their jobs.

A more worrying revelation in the report indicates that, far from enhancing security, such practices can actually harm a the security of a network by encouraging users to use unofficial channels to gain access to required information, such as bypassing official systems and using untested personal devices.

While keeping systems secure from attack is critical for both government and corporate networks, a badly thought out security policy can severely harm productivity and demoralise staff - as this latest report has shown.

To keep systems secure, a robust, but not draconian information security policy should be put in place, along with technological countermeasures such as powerful anti-virus, anti-spyware, and anti-malware packages across the enterprise to detect and prevent attempted intrusions by malicious software. When an Internet site blacklist starts affecting your staff and their ability to do their jobs, however, it's time to review how security is achieved in your enterprise.