Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Risk Management

Survey: Employees Clueless on, or Disregard IT Security Policy

If you are part of a security team that spends time carefully piecing together and reviewing corporate IT security policies, this may hurt your feelings: According to a new survey jointly commissioned by Xerox and McAfee, more than half of workers don’t always follow or are unaware of their company’s security policies.

If you are part of a security team that spends time carefully piecing together and reviewing corporate IT security policies, this may hurt your feelings: According to a new survey jointly commissioned by Xerox and McAfee, more than half of workers don’t always follow or are unaware of their company’s security policies.

But those facts shouldn’t come as much of a surprise. This isn’t the first survey that shows employees will go through whatever steps they can to access the Internet at any cost, visit the sites they want, copy data they feel they are entitled to, and access information that may not necessarily be relevant to their job function.

Breaking the RulesSo, are these employees corporate rebels or are they just unaware of what they should and should not be doing while on the company network. According to the survey, it’s a little of each.

The survey numbers show that more than half (54 percent) of employees don’t always follow their company’s IT security policies, or aren’t even aware of the policies (21 percent).

Are your corporate secrets walking out the door? According to the survey, 39 percent of employees who copy, scan or print confidential information at work worry at least sometimes whether the information on a networked device will remain secure.

As just about any survey commissioned by an IT Security vendor has a purpose, McAfee and Xerox released the results of the study in conjunction with news that the two companies are teaming up to design a security system to help companies protect against threats to confidential corporate data.

The companies said that by integrating embedded McAfee software into Xerox technology, they plan to use a whitelisting method that allows only approved files to run, offering more protection than traditional black listing tactics, where a user has to be aware of and proactively block viruses, spyware and other malicious software.

Xerox and McAfee are improving the safety of devices on the network to protect proprietary company data – a solution they says is needed according to survey data, which also found that some companies don’t take simple steps to lessen the risk, such as making sure employees are aware of IT policies and use access codes to pick up prints and copies.

Additional survey results revealed that:

• Half (51 percent) of those employees whose workplace has a printer, copier or MFP say they’ve copied, scanned or printed confidential information at work.

• Of the 39 percent who say they are at least sometimes worried about confidential information staying secure, 86 percent say they are at least somewhat worried about personal information, 77 percent say customer data, 77 percent say employee information and 70 percent say proprietary company information.

• More than half (54 percent) say computers pose the biggest security threat to their company’s network compared to other IT devices, while only 6 percent say it is MFPs.

• Only 13 percent of employees whose workplace has a printer, copier or MFP say they are prompted to enter a password or passcode on the MFP before releasing a job they’ve printed or accessing the ability to copy.

“With more than 50,000 new security threats emerging each day, protecting sensitive company information can be intimidating for IT managers – especially when you consider that any device sitting on the network, from a PC to a fax machine, can be exposed to those threats,” said Rick Dastin, president, Enterprise Business Group, Xerox Corporation. “This partnership will work to ensure those devices are secure and company information is protected.”

This survey was conducted online within the United States by Harris Interactive from Jan. 5-9, 2012 among 2,541 adults ages 18 and older, of which 1,391 are employed full and/or part time.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.

Funding/M&A

More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...