Remote Workers Still Imperil Enterprise SecurityBy Matt Hines | Posted 2006-10-09 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
A global security research study from Cisco finds that most workers who access data networks remotely or carry company-owned laptops are putting their employers at risk.Remote workers continue to expose their employers to a wide range of IT threats by using poor laptop etiquette and connecting to corporate systems using non-trusted wireless connections, according to a new report sponsored by Cisco Systems.
In a study conducted for Cisco by InsightExpress, based in Stamford, Conn., researchers interviewed 1,000 remote workers in 10 countries and found that many people continue to use poor judgment in adhering to security policies, despite having been warned of threats lurking on the Web and wireless networks.
While a vast majority of remote workers interviewed in the United States and elsewhere said they are cognizant of security issues while working outside the office, far fewer said they aggressively police their own computing activity to limit exposure to threats.
Showing a lack of concern over unfamiliar wireless networks and all the inherent dangers of connecting to such systems, 12 percent of those surveyed in the United States said they still connect to the Web and corporate systems using unrecognized wireless connections.
The results for the U.S. workers interviewed lined up fairly consistently in all categories with those for remote workers in countries such as Germany, the United Kingdom and India, but users in some nations, in particular China, remain even less concerned about employing stricter security habits.
While 78 percent of the Chinese respondents to the report said they are mindful of security, representing the highest total of any country included in the study, some 57 percent said they use their devices for personal use, with 54 percent using their work PCs to shop online. Another 57 percent of Chinese users said they open unknown e-mail messages, 42 percent allow others to use their computers and 19 percent admit to using unknown wireless Internet access.
"Actions speak louder than words, and while people are saying one thing, their activities are something else altogether," said Bruce Murphy, vice president of advanced services at Cisco, based in San Jose, Calif. "Clearly, people are engaging in behavior that contradicts what they know about security because they fail to understand that they are actually putting their companies at a great risk for malware and other attacks."
Some 66 percent of U.S. workers responding to the survey said they regularly fail to comply with safe remote PC or network usage policies because their companies do not mind the activities they pursue, while 27 percent of those interviewed said they use their company PCs to conduct shopping or other non-work-related activities because the device represents the most secure computer they have access to.
Part of the problem, Murphy said, is that many companies release boilerplate security policies that don't specifically explicitly warn users about some risky behaviors, or they adopt guidelines that rule out so many common PC uses that people merely ignore the recommendations.
"In general, establishing policies for policies' sake causes an overreaction by end users. The constructive path is to get users to understand why they need to modify [the way they] behave, and not just [to issue] some draconian request for restrictions," Murphy said. "The more people understand about why they need to behave in a certain way, the more likely they will be to adhere to a policy; companies need to understand that they can't just continue to come at this problem from a negative reinforcement perspective."
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.