Study: Mobile Workers Taking Unnecessary Risks With Data
Mobile workers are taking unnecessary risks when it comes to the data on their devices and the networks to which they connect, according to a new study.
The SurfControl Trust & Risk Study, conducted by Dr. Monica Whitty from Queens University Belfast, reveals the risky behavior of many employees, particularly mobile workers.
The study surveyed more 1,000 mobile and desktop employees across five countries and found that mobile laptop users took more risks than their desk-bound colleagues across all activities surveyed.
A primary source of concern is the 80 percent of laptop users who access the Internet through potentially insecure networks, two thirds of whom are using wireless hotspots
The risky activities include instant messaging, using USB keys to transfer company data, downloading music and sending confidential information via e-mail.
Whitty said all of these activities have the potential to introduce unwanted content to the network, expose confidential information or compromise legal liability.
As well as connecting to potentially unsecured networks, laptop users are more likely to blur the line between company and personal behavior, and are more likely to conduct risky behavior on their work machine across all categories.
Some 40 percent of UK workers e-mail office gossip to one another, and 66 percent e-mail confidential company information.
Around 35 percent of U.S. workers admit to downloading music, and 15 percent to downloading porn.
In Singapore it seems that workers are happy to merge their business and private lives. Some 83 percent connect USB keys to their work PCs, 64 percent use IM, and 33 percent play games on company laptops.
"Businesses cannot afford to think that out of sight is out of mind," said Dr. Richard Cullen, chairman of SurfControl's global technology strategy council. "This research highlights the importance of applying a consistent security strategy across all employees, regardless of where or how they access the corporate network."
Despite this risky behavior, most workers think that the company is ultimately responsible for security. Nearly two thirds indicated that it is the I.T. department's job to update anti-virus and anti-spyware software.
In the case of a more serious incident, users are more likely to blame the boss. If an employee was the victim of Internet banking fraud or identity theft, 34 percent and 53 percent respectively would blame the company.
"Almost two thirds of our sample would blame their employer if confidential data was stolen from their work computers," Whitty said. "Given that security breaches and careless mistakes can lead to the loss or theft of confidential information, employers should be cautious when it comes to protecting confidential data."
The report concludes that the most important step for organizations worldwide is to ensure that the corporate usage policy is current and consistent to desktop and mobile users.