Research Finds Only a Quarter of Employees Bypass Security Policies

According to new research from Webroot, an Internet security service company, only about 25 percent of employees have tried to bypass company security policies while at work, while nearly all (95 percent) respect the importance of their employer's measures for protecting their network and customer information.

"It is a pleasant surprise to learn that employees understand the need for increased security and abide by corporate policy," said Jacques Erasmus, chief information security officer for Webroot. "That said, employees at all levels still introduce risk to a corporate network through activities like surfing the web, shopping online, planning personal events and accessing personal email accounts while at work. As we see more and more malware being spread through the browser, such as Zeus and SpyEye which infects users' computers to track their keystrokes and steal their banking information, it is vitally important for companies to put in place suitable web security solutions and develop effective and secure web security policies to help protect their organisation."

Surveying more than 2,500 employees in the United States, United Kingdom and Australia, Webroot also found that executive or senior management staff performed non-work related activities during work at a higher rate than their subordinates. For example, 41 percent of executives reported planning personal events such as vacations, weddings or parties while on the clock, while just 35 percent of regular, full-time employees reported doing similar activities.

Additional Findings:

Employees feel security policies at work are very necessary:
·      95 percent agree that compliance with their employer's security policies is important;
·      83 percent consider protection of customer information and data as a benefit;
·      89 percent believe security policies help with the prevention of infections or viruses on the company network;
·      Few employees (seven percent) expressed extreme concern that employers monitor their online activities;
·      Nearly two-thirds (61 percent) reported that their employers' security policies never or rarely make it more difficult for them to do their jobs;
·      75 percent believe security policies are a necessary evil.


UK employers were also seen to impose more security policies than employers from the United States or Australia:
·      Login password for company computers: 90 percent in the UK vs. 84 percent overall;
·      Program download restrictions: 62 percent vs. 55 percent overall;
·      Restrictions on accessing network outside of the office: 46 percent vs. 37 percent overall;
·      Two-factor authentication for network or computer access: 28 percent vs. 20 percent overall.

Of those who skirt around corporate security policies, younger employees (those aged 18 to 29) reported a higher incidence of doing so:
·      15 percent used a mobile device to do activities not allowed at work vs. 6 percent overall;
·      12 percent accessed prohibited sites from a mobile device vs. 5 percent overall;
·      6 percent manipulated browser settings vs. 3 percent overall.

Employees learn from their coworkers' mistakes:
·      26 percent of respondents were aware of someone who received a warning as a result of breaking security policies;
·      18 percent were aware of someone who was fired;
·      9 percent someone whose computer privileges were reduced;
·      8 percent someone who was put on probation.

While all employees use company-owned devices to do non-work activities at work, executive and senior management seem to do more than other staff:
·      Purchased non-work related items online: 48 percent vs. 42 percent overall;
·      Personal event planning: 41 percent vs. 35 percent overall;
·      Instant messenger use: 17 percent vs. 12 percent overall;
·      Moved files using an online backup service: 12 percent vs. 7 percent overall.

For companies wishing to implement a web usage policy to protect itself and its staff, Webroot security experts recommend the following actions:

·      Define your security policies - With a new generation of web-based attacks, spyware, adware and webmail-borne viruses, it's more important than ever to develop well-thought-out and clearly defined web security policies.

·      Embrace social media - Social networks are new mediums for digital threats to an organisation. Build these into your policy and implement a set of rules that enables employees to harness all the benefits of these new technologies while protecting your business.

·      Clearly communicate policies - When rolling out new web security policies through an organisation, it is important to communicate these new policies to all the staff for better adherence to the policy. And regularly communicate with staff about IT and security issues.

·      Block threats before they reach your network - Roll out a cloud-based web security service that allows you to protect mobile employees as if they were at the office, while monitoring and enforcing your web security policies.

Webroot Research gathered this data between June 29 and through July 4, 2011, through the use of an online survey of full-time and part-time employees who use a computer at work in the United States, United Kingdom and Australia. With a total of 2,508 respondents the margin of error is ±2.0 percentage points at the 95 percent confidence level.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3