Phishing And Complexities Of E-Mail Security Top List Of IT Pros' ConcernsPhishing And Complexities Of E-Mail Security Top List Of IT Pros' Concerns

Tech administrators want simpler security and they want it fast, according to a forthcoming survey of 200 IT professionals. The survey, conducted by InsightExpress LLC on behalf of E-mail security company MailFrontier Inc., finds that 62% of respondents are looking to consolidate E-mail security, with 96% of those people planning to do so within the year.

"It seems like the only thing harder than preventing E-mail security breaches is managing it," says Anne Bonaparte, president and CEO of MailFrontier. "I didn't quite understand the level of pain."

Complexity causes much of the pain, the survey suggests. More than anything, ease of use is the primary reason to consolidate E-mail security with a single vendor, respondents say.

"The other thing I found surprising was that 56% consider phishing a threat in the corporate environment," Bonaparte says. "And that's versus a year ago when no one could spell it."

While phishing may be on the minds of IT professionals, it isn't seen as terribly dangerous. Only 4% of those surveyed rated phishing as the most-damaging security risk, an honor that 44% accorded to viruses and 29% bestowed on spam.

The risks of phishing are underestimated, says Bill Schlough, VP and CIO of the San Francisco Giants, because it's often seen as affecting the individual rather than the company.

Phishing is a direct threat in terms of data loss and an indirect threat in terms of lost productivity, Schlough says. "We've had experiences where phishers targeted my end-users, my front-office staff. The phisher sends out a message to my staff, makes it look like it's from my help desk, and instructs them that if they don't take action, their E-mail accounts will be shut down."

The direct threat is that a phishing attack could lead to the installation of malware or the capture of a password, Schlough says. The indirect threat involves the impact of being victimized. "It's going to be a threat to productivity if, through my staff's work E-mail, they're getting phishing messages and they're revealing their financial accounts," he explains. "Then the next thing you know, this guy is spending four days trying to clear up his credit issues."

He adds, "We don't support people's home computers, but at the same time, if they're compromised at home, it's going to affect their productivity at work."

To date, no one has taken the bait. "Fortunately, our users are educated enough to question such things," he says.

Schlough didn't participate in the survey and doesn't share the majority's desire to consolidate E-mail security with one vendor. "That's really not a priority for us," he says. "We like the ability to protect with different approaches." The Giants rely on products from both Symantec Corp. and MailFrontier.