Opening unknown e-mail attachments presents the most significant security sin a user can commit, according to nearly half of IT managers surveyed by WatchGuard Inc. Forty percent of respondents said that it's more damaging than failing to implement mandatory virus updates, installing an unauthorized wireless network or making a password easily accessible to others (each selected by 14% of respondents).
The Seattle-based SMB network security provider conducted two surveys of IT managers. One involved 200 attendees at February's RSA Conference; the second was an e-mail survey of 214 WatchGuard LiveSecurity Service subscribers a month later. The majority of respondents were from small- to medium-sized enterprises (1-1000 users).
The e-mail poll revealed that 31% of users only adhere to security policies when it suits them; 12% obey security policies only by chance and 3% ignore the rules altogether.
"Because of resource constraints, it is often even more challenging for IT administrators in small and mid-sized enterprises to spend a lot of time and effort enforcing security policies and educating users about security threats," said Mark Stevens, WatchGuard's chief strategy officer. "Even when the effort is made, user education doesn't address the whole problem. It's more effective for businesses to take a proactive approach by stripping potentially dangerous attachments at the perimeter. If the attachment isn't there, a curious user can't open it and -- intentionally
More than three-fourths (79%) of respondents also indicated that a virus has successfully penetrated their network defenses at least once in the last year.