Bug Watch: Each week vnunet.com asks a different expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week Jack Clark, European antivirus product manager at Network Associates, discusses the risks posed by remote workers.

When the next big security breach or virus outbreak hits the headlines, the spotlight will inevitably fall on those responsible for the virus. Once the initial excitement has faded, where does the blame fall? Nine times out of 10 the IT manager will be under the spotlight. Why were we hit with this virus? Why weren't sufficient defences in place? Rarely, if ever does the spotlight fall on the end user.

It's been a well muted point over recent months that mobile workers represent a serious threat to a company's defences. Specifically the holes they open up in networks through remote access or getting on to the company intranet. The fact is in a lot of cases, while the overall responsibility for corporate defence lies with the IT manager, it's ultimately down to your mobile executive to update his or her software.

How many users refuse to accept the antivirus updates sent to them by their IT department, because the files are too large or the download takes too long? Or even totally disabling their antivirus software to gain that little bit of extra performance from their laptop? This lack of responsibility costs companies millions a year in downtime. With each mobile worker representing a hole in the network, for even just one person to not have the proper defences in place represents a serious security threat.

The argument on many sides is that education is the solution. However, educating your workforce can only take security so far. The decision at the end of the day still lies with the worker. It's a lottery as to whether they choose to look after the best interests of their companies' security, and keep the right mobile security measures in place.

The only real solution is to remove this burden from the end user. If you can't trust your mobile workforce to look after their own security, then take this responsibility out of their hands. Security needs to be managed from a central point rather than putting the emphasis on each individual user.

Antivirus vendors need to be looking towards an antivirus system which cantotally bypass the end user. Something which is managed invisibly with no user involvement will take away the chance of a serious security breach. This kind of management also means that as soon as a new virus breaks out, an update can be sent down the line immediately.

This remedy goes a long way towards giving IT managers peace of mind. If they can be reassured that remote users have the latest updates, and are alerted when employees turn their antivirus measures off, then they have all the resources they need to plug the mobile holes in the network.

To some extent, by removing responsibility you are removing risk. With these measures in place, we should all witness the end of the IT manager being the scapegoat when it comes to the next large scale virus attack.

Next edition of Bug Watch: 3 November