There has been much emphasis in recent years on anti-virus protection but some experts believe that although it is important, it can miss the point.
Last month Jay Heiser, an analyst at research firm Gartner, wrote a report on what he called 'Data Leakage'. He said loss of data was often not due to theft but other factors.
'In civilian governments and the corporate world users just don't have the expertise to classify all the sensitivity of the information they use. As a result, they send huge amounts of inappropriate e-mails, and store highly sensitive data on laptops and memory sticks, ignorant of the risk it represents to their employers,' he said.
Protecting corporate data is more than simply preventing the villains from getting into your network. It also means making sure your own employees don't give out secrets, intentionally or otherwise.
Thomas Parenty runs his own security consulting company, Parenty Consulting, in Hong Kong. He has years of experience in the United States where he worked on sensitive projects such as nuclear command and control systems. He said external threats should be prevented, but were rarely the most significant.
'When considering how to protect corporate computer networks from attack it is important to understand what types of threats a particular security measure protects you from. Anti-virus solutions, for example, protect against external attacks. The most costly types of computer crime involving large-scale financial fraud and intellectual property theft, however, are almost always perpetrated by someone inside the organisation.
'While a valuable component of information security preparedness, anti-virus solutions do nothing to protect against these internal attacks,' he said.