19/06/2007 - Headlines - Security
'Human error' is biggest IT security risk
Human error is the biggest risk for computer network security, with carelessness over passwords costing businesses a "fortune", the Government claimed today.
The Department of Trade and Industry (DTI) said that to combat the "weakest link" it was spending £4 million on four research projects aimed at reducing the risk that human error played in IT security.
A survey of 1,800 people by the department found that just over one third recorded their password or security information by either writing it down or storing it somewhere on their computer.
Almost two thirds of people never changed their password, while one in 5 used the same password for non-banking websites as well as their online bank.
Science minister Malcolm Wicks said: "Unfortunately, the weakest link in network security is not usually with the technology, but with the staff and system users. Our survey found that a shocking number of people were careless with passwords, unwittingly exposing themselves and their company to fraud and theft."
He added that with 62% of companies experiencing a network security incident, it was "a problem we need to fix."
The projects, which are part of the DTI's Network Security Innovation Platform, will for the first time use behavioural science in a bid to tackle the human risk element in network security.
'Going walkabout'
Meanwhile, a separate study has revealed that half of employees begin new jobs using sensitive information taken from their previous employer.
Check Point Software said its research had also shown it was unlikely that anyone would stop them, as three quarters of companies had no security in place to prevent information "going out the door".
As many as 85% of workers claimed they could "easily" download competitive information and take it with them to their next job, despite 74% of their employers having a policy that specifically forbids such action.
Check Point spokesman Martin Allen said the widespread availability and use of so-called USB sticks - key fobs that can be used to transfer and store data from computers - created a "real security headache for most companies".
He explained: "USB sticks are now more popular than ever, with everyone from children up to the CEO now travelling around with data on their USB sticks. Many can now carry 16 gigabytes around with them in their pockets which compares with 640 reams of paper in your pocket.
"At this estimation it's not surprising they can become a serious security risk. Companies spend millions on their security and just forget about the fact that millions of pounds worth of valuable data is 'going walkabout' on people's key rings and a great deal are very happy to download information to take with them to their next job.
"Without being too draconian our advice is to lock down computers with vital information and make sure you centrally control USB sticks by supplying them to your staff with mandatory encryption in place. That way they can freely use them keeping the data safe at all times."

