News 

A National Computing Centre survey has found that while almost all organisations deploy security measures to detect malware and block spam, many have yet to ensure the security of Wi-Fi networks and VoIP tecnologies, nor address the risk posed by small USB storage devices.

The Benchmark of IT Strategy study reveals that 40% of respondents had only partially secured their wireless networks, some not at all, and only 15% of respondents had implemented VoIP security.

"Running unsecured Wi-Fi is like locking the front door, but leaving the windows open," says Stefan Foster, managing director of NCC. "Fraudsters are increasingly targeting

A fifth of the survey's respondents said they had implemented measures designed to protect data on laptops - in case of theft or loss - and a further fifth said they planned to do so. But just 11% have fully implemented controls on writing data to USB drives from any machine, despite 75% recognising the threat.

NCC also discovered a majority of organisations do not provide security training for employees, who may not realise that copying data is either against company policy or even illegal.

"Much IT-related crime comes from within the organisation, so it is alarming that 25% of respondents indicated that formal security training for end-users was 'not relevant' or 'not considered', and only 40% indicated end users security training was fully or partially implemented," says Foster.

One area of security where the survey did uncover a growing interest was authentication; 40% of respondents had implemented single sign-on access control for end users and another 30% had it in the pipeline.