Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Risk Management

Survey: Employees Clueless on, or Disregard IT Security Policy

If you are part of a security team that spends time carefully piecing together and reviewing corporate IT security policies, this may hurt your feelings: According to a new survey jointly commissioned by Xerox and McAfee, more than half of workers don’t always follow or are unaware of their company’s security policies.

If you are part of a security team that spends time carefully piecing together and reviewing corporate IT security policies, this may hurt your feelings: According to a new survey jointly commissioned by Xerox and McAfee, more than half of workers don’t always follow or are unaware of their company’s security policies.

But those facts shouldn’t come as much of a surprise. This isn’t the first survey that shows employees will go through whatever steps they can to access the Internet at any cost, visit the sites they want, copy data they feel they are entitled to, and access information that may not necessarily be relevant to their job function.

Breaking the RulesSo, are these employees corporate rebels or are they just unaware of what they should and should not be doing while on the company network. According to the survey, it’s a little of each.

The survey numbers show that more than half (54 percent) of employees don’t always follow their company’s IT security policies, or aren’t even aware of the policies (21 percent).

Are your corporate secrets walking out the door? According to the survey, 39 percent of employees who copy, scan or print confidential information at work worry at least sometimes whether the information on a networked device will remain secure.

As just about any survey commissioned by an IT Security vendor has a purpose, McAfee and Xerox released the results of the study in conjunction with news that the two companies are teaming up to design a security system to help companies protect against threats to confidential corporate data.

The companies said that by integrating embedded McAfee software into Xerox technology, they plan to use a whitelisting method that allows only approved files to run, offering more protection than traditional black listing tactics, where a user has to be aware of and proactively block viruses, spyware and other malicious software.

Xerox and McAfee are improving the safety of devices on the network to protect proprietary company data – a solution they says is needed according to survey data, which also found that some companies don’t take simple steps to lessen the risk, such as making sure employees are aware of IT policies and use access codes to pick up prints and copies.

Additional survey results revealed that:

Advertisement. Scroll to continue reading.

• Half (51 percent) of those employees whose workplace has a printer, copier or MFP say they’ve copied, scanned or printed confidential information at work.

• Of the 39 percent who say they are at least sometimes worried about confidential information staying secure, 86 percent say they are at least somewhat worried about personal information, 77 percent say customer data, 77 percent say employee information and 70 percent say proprietary company information.

• More than half (54 percent) say computers pose the biggest security threat to their company’s network compared to other IT devices, while only 6 percent say it is MFPs.

• Only 13 percent of employees whose workplace has a printer, copier or MFP say they are prompted to enter a password or passcode on the MFP before releasing a job they’ve printed or accessing the ability to copy.

“With more than 50,000 new security threats emerging each day, protecting sensitive company information can be intimidating for IT managers – especially when you consider that any device sitting on the network, from a PC to a fax machine, can be exposed to those threats,” said Rick Dastin, president, Enterprise Business Group, Xerox Corporation. “This partnership will work to ensure those devices are secure and company information is protected.”

This survey was conducted online within the United States by Harris Interactive from Jan. 5-9, 2012 among 2,541 adults ages 18 and older, of which 1,391 are employed full and/or part time.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.