From interacting on social network sites, to disabling company installed security software so they can access restricted Web sites, most employees were more focused on individual concerns and conveniences than their company’s overall IT security, according to the 2010 Trend Micro survey on corporate and small business end users.
The survey, which included 1600 end users in the U.S., U.K, Germany and Japan, showed that risky practices and attitudes were typical, regardless of country. Approximately 50 percent of those surveyed admitted to divulging employee-privy data through an unsecure Web mail account. End users in the U.S. and U.K. were more likely to admit to having leaked confidential company data than end users in Japan even though they were the most likely to indicate knowing what type of company data is confidential or not.
Mobile workers showed to be more of a liability than desktop users. Across all countries, 60 percent of mobile workers versus 44 percent of stationary workers admitted to having sent out company confidential information via IM, Web mail or social media applications. In Japan, that number spikes to 78 percent of mobile employees.
In the US, laptop end users are far more likely to perform non-work related activities while on their company’s network than desktop users: 74 percent of laptop users said they checked personal email (58 percent for desktop users); 58 percent said they browsed Web sites unrelated to work (45 percent for desktop users.)
When it comes to concerns and fears over the damage Web threats can cause, end users consistently ranked personal over corporate. Violation of personal privacy, identity theft or the loss of personal information were the top-stated concerns surrounding insidious threats such as phishing, spyware, Trojans, data-stealing malware and spam. The least of end users’ concerns is loss of corporate information and damage to corporate reputation with 36 percent of U.S. end-users saying loss of personal information was their top concern about viruses; only 29 percent expressed concern over the loss of corporate data due to viruses.
Even with corporate security and policies in place, companies can be sure that their employees will find a way to exert their online freedom: Roughly one out of ten users in each country admitted to overriding their corporate security in order to access restricted Web sites. Germany ranked the highest, with 12 percent of its end-users admitting to tinkering with corporate security; this is followed by the U.K., with 11 percent; U.S. and Japan both had 8 percent.
“These results might be disturbing to IT administrators and small business owners, but they’re not all that surprising, especially to those of us who work within the security industry,” said David Perry, global director of education, Trend Micro. “The key thing to remember is that there is still potential for redress through the right security technology designed specifically for your company’s needs, as well as supportive, consistent employee education that drives awareness.”
