Survey: Employees More Focused On Individual Concerns Than Overall Company IT Security
From prowling social networking sites at work, to overriding their company's installed security so they can access restricted websites, most employees were found to be generally imprudent and ambivalent when it comes to their company's overall security health, according to the 2010 Trend Micro survey on corporate and small business end users.
The survey, which included 1600 end users in the United States., U.K, Germany and Japan, noted that risky practices and attitudes were customary, regardless of country. Beginning with confidential corporate information, roughly 50 percent of those surveyed admitted to divulging employee-privy data through an unsecure Web mail account. End users in the U.S. and U.K. were more likely to admit to having leaked confidential company data than end users in Japan even though they were the most likely to indicate knowing what type of company data is confidential or not.
Mobile workers are more of a liability than their desktop counterparts. Across all countries, 60 percent of mobile workers versus 44 percent of stationary workers admitted to having sent out company confidential information via IM, Web mail or social media applications. In Japan, that number spikes to 78 percent of mobile employees.
In the United States, laptop end users are far more likely to perform non-work related activities while on their company's network than desktop users: 74 percent of laptop users said they checked personal email (58 percent for desktop users); 58 percent said they browsed websites unrelated to work (45 percent for desktop users.)
When it comes to concerns and fears over the damage Web threats can cause, end users consistently ranked personal over corporate. Violation of personal privacy, identity theft or the loss of personal information were the top-stated concerns surrounding insidious threats such as phishing, spyware, Trojans, data-stealing malware and spam. Loss of corporate information and damage to corporate reputation were the least of end users' concerns. For example, 36 percent of U.S. end-users said loss of personal information was their top concern about viruses; only 29 percent expressed concern over the loss of corporate data due to viruses.
Even with corporate security and policies in place, companies can be sure that their employees will find a way to exert their online freedom: Roughly one out of ten users in each country admitted to overriding their corporate security in order to access restricted Web sites. Germany ranked the highest, with 12 percent of its end-users admitting to tinkering with corporate security; this is followed by the U.K., with 11 percent; United States and Japan both had 8 percent.
"These results might be disturbing to IT administrators and small business owners, but they're not all that surprising, especially to those of us who work within the security industry," said David Perry, global director of education, Trend Micro. "The key thing to remember is that there is still potential for redress through the right security technology designed specifically for your company's needs, as well as supportive, consistent employee education that drives awareness."