Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Risk Management

Survey: Employees Clueless on, or Disregard IT Security Policy

If you are part of a security team that spends time carefully piecing together and reviewing corporate IT security policies, this may hurt your feelings: According to a new survey jointly commissioned by Xerox and McAfee, more than half of workers don’t always follow or are unaware of their company’s security policies.

If you are part of a security team that spends time carefully piecing together and reviewing corporate IT security policies, this may hurt your feelings: According to a new survey jointly commissioned by Xerox and McAfee, more than half of workers don’t always follow or are unaware of their company’s security policies.

But those facts shouldn’t come as much of a surprise. This isn’t the first survey that shows employees will go through whatever steps they can to access the Internet at any cost, visit the sites they want, copy data they feel they are entitled to, and access information that may not necessarily be relevant to their job function.

Breaking the RulesSo, are these employees corporate rebels or are they just unaware of what they should and should not be doing while on the company network. According to the survey, it’s a little of each.

The survey numbers show that more than half (54 percent) of employees don’t always follow their company’s IT security policies, or aren’t even aware of the policies (21 percent).

Are your corporate secrets walking out the door? According to the survey, 39 percent of employees who copy, scan or print confidential information at work worry at least sometimes whether the information on a networked device will remain secure.

As just about any survey commissioned by an IT Security vendor has a purpose, McAfee and Xerox released the results of the study in conjunction with news that the two companies are teaming up to design a security system to help companies protect against threats to confidential corporate data.

The companies said that by integrating embedded McAfee software into Xerox technology, they plan to use a whitelisting method that allows only approved files to run, offering more protection than traditional black listing tactics, where a user has to be aware of and proactively block viruses, spyware and other malicious software.

Xerox and McAfee are improving the safety of devices on the network to protect proprietary company data – a solution they says is needed according to survey data, which also found that some companies don’t take simple steps to lessen the risk, such as making sure employees are aware of IT policies and use access codes to pick up prints and copies.

Additional survey results revealed that:

Advertisement. Scroll to continue reading.

• Half (51 percent) of those employees whose workplace has a printer, copier or MFP say they’ve copied, scanned or printed confidential information at work.

• Of the 39 percent who say they are at least sometimes worried about confidential information staying secure, 86 percent say they are at least somewhat worried about personal information, 77 percent say customer data, 77 percent say employee information and 70 percent say proprietary company information.

• More than half (54 percent) say computers pose the biggest security threat to their company’s network compared to other IT devices, while only 6 percent say it is MFPs.

• Only 13 percent of employees whose workplace has a printer, copier or MFP say they are prompted to enter a password or passcode on the MFP before releasing a job they’ve printed or accessing the ability to copy.

“With more than 50,000 new security threats emerging each day, protecting sensitive company information can be intimidating for IT managers – especially when you consider that any device sitting on the network, from a PC to a fax machine, can be exposed to those threats,” said Rick Dastin, president, Enterprise Business Group, Xerox Corporation. “This partnership will work to ensure those devices are secure and company information is protected.”

This survey was conducted online within the United States by Harris Interactive from Jan. 5-9, 2012 among 2,541 adults ages 18 and older, of which 1,391 are employed full and/or part time.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...