Tech reporters are dropping the ball when it comes to security

by Steve Ragan - Aug 3 2009, 15:15

Last week, The Tech Herald got a chance to see the results of an interesting study conducted by the Business Performance Management Forum (BPM) and AVG. What we learned after seeing the results, is that despite the massive amount of coverage given to security by members of the press, they completely drop the ball when it comes to basic protection online, as well as are lacking some basic information.

The findings come from a Protect the Press Poll of more than 100 participants, working in online, print, or broadcast media. Each of those surveyed in the study are confirmed tech writers, and 52-percent of them cover security. The aim was to examine the security priorities, prevention mechanisms, and breaches that editors, reporters, and publishers face in their daily business.

Like consumers, nearly 70-percent of press reporters and editors feel threatened by online Malware or Spyware, the results from BPM show. Most feel at risk conducting everyday online activities as part of their business, including downloads, email, and correspondence with story sources, yet most are failing to take basic steps to secure these same activities.

“It is disconcerting to see what in concept is a very informed audience knowingly rolling the dice when it comes to staying secure on line – it is an important indicator of the practices of the general consumers,” said Siobhan MacDermott, head of global communications and investor relations with AVG.

“If the informed press is exposed, then even more so is the home user that is not as savvy at detecting or protecting against the latest scam.”

MacDermott said it is interesting that while 57-percent of the reporters surveyed considered themselves advanced or expert at detecting online risks the majority were failing to follow basic security practices. When it comes to successful Malware related attacks on the press, 13-percent said they have suffered data loss or system failure related to malicious software. Moreover, nearly 60-percent of those that placed importance on information security never changed their password.

If a password was changed, most said that they rely on the company to change it for them. So in essence, you have reporters covering security who either never change their passwords themselves, or wait for someone in IT to do it for them. Interesting isn’t it? Adding to this, 30-percent said they cannot remember all the security software they have. Seriously, how hard can it be to recall all the software installed to protect a system?

When it comes to security concerns at work, 80-percent of those responded said that they rarely or never inform their network administrators or service providers about anything that might concern them.

When asked to rate their service provider or IT department, 60-percent said they are doing an “OK job” or not very well at all when it comes to protecting computers. Perhaps this is why the members of the press surveyed said they never tell anyone about concerns? Even so, it still does not excuse the informed from remaining silent on issue they know full well can cause problems in a business.

Another highlight in the study results sent to The Tech Herald talks about Wi-Fi networks. While 36-percent said they use Wi-Fi, nothing in the report broke them down into segments. Like public Wi-Fi, unsecured Wi-Fi, or home networking. We want to give the press members involved in the study the benefit of the doubt and assume that they know how to tell the difference, but considering 30-percent didn’t know what security software they use, we’re naturally skeptical, if not just a bit curious.

Without naming names, some of the press surveyed work for companies who have strict policy when it comes to IT. It is entirely possible they have little to no control over the security measures and software used on the office systems.

However, considering some of them work from home, they have a greater level of control and so this lack of practicing what they preach is comical. The password issue itself hits home, but when it comes to those who have suffered because of Malware related attacks, which most active security reporters know all to well how to avoid, there is just no excuse.

“Clearly, we’ve got to do a better job as a security community in shifting the mentality of our users from one that is dependent on the system to keep them safe to one that takes personal accountability and understands their role in the security continuum,” MacDermott  concluded. “Users have to understand they are a vital piece of equation and that they have a great deal of ownership in shoring up their cyberspaces.”

Around the Web