Actions Speak Louder Than Words: Despite Claiming Security Awareness, Many Remote Workers Engage in Risky Online Behavior
Global study involving 1,000 teleworkers in 10 countries reveals contradictory actions and reasons -- for hijacking neighbors wireless networks, sharing computers with non-employees, and more
New Delhi, October 10, 2006 - A global third-party study commissioned by Cisco® today reveals that while most remote workers say they a are aware of security issues, their behavior behavior that includes sharing work computers with non-employees, opening unknown emails, and hijacking neighbors wireless networks suggests otherwise.
Designed to better understand how teleworkers perceptions and behavior heighten security risks for the global network community, information technology (IT) organizations and the businesses they support, the study revealed responses from more than 1,000 teleworkers in 10 countries. Conducted this summer by an independent market research firm, the study consisted of end-user surveys involving at least 100 respondents in each of the following countries: the United States, United Kingdom, France, Germany, Italy, Japan, China, India, Australia, and Brazil. It spotlights the challenge that behavioral and cultural tendencies create for IT security teams as more employees work outside of traditional offices a business practice that can enhance productivity yet jeopardize corporate and personal security.
Whether they work at home, at a cafe, or in a hotel, numerous findings indicate that remote workers aggravate network security concerns because of a false sense of awareness. In fact, while two of every three teleworkers surveyed (66 percent) said they are cognizant of security concerns when working remotely, many admitted behavior that undermines and contradicts their awareness. Their reasons offer valuable insight for IT and security managers around the world, fueling a need for tighter, proactive relationships with end users. Below are four of several examples revealed in the study:
Sharing Corporate Devices With Non-employees
More than one of every five remote workers surveyed (21 percent) allows friends, family members or other non-employees to use his or her work computer to access the Internet. In China, more than two of every five (42 percent) admitted to sharing their work computers. And in Japan, more end users share their work computers with others (13 percent) than those who use them for their own personal use (12 percent).
Top 5 Reasons: I dont see anything wrong with it; My company doesnt mind me doing so; I dont think letting them use it increases security risks; I doubt my company would care; Co-workers do it
Accessing Neighbors Wireless Networks
In China, Italy, and Brazil, almost one of every five teleworkers admitted to accessing a neighbors wireless network when working from home. Although the global average was 11 percent, Germany (15 percent) and the United States (12 percent) joined China, Italy, and Brazil in eclipsing the worldwide mark.
Top 5 Reasons: I needed it because I was in a bind; I cant tell if Im using my own or someone elses wireless Internet connection; Setting up my own wireless network is difficult and confusing; My neighbor doesnt know, so its OK; Its more convenient than using my wired connection
Opening Suspicious Emails and Attachments
One of every four remote worker surveyed (25 percent) said he or she opens unknown emails when using work devices. In China, more than half of the respondents (57 percent) admitted they open emails from unknown sources.
Key Finding: In India, 20 percent of teleworkers said they open unknown emails and attachments, and in Brazil, 12 percent admitted doing so.
Personal Usage Findings
One of the most glaring contradictions in the studys results involved non-business activity: Only 29 percent of remote workers surveyed in the 10 countries admitted that they use their work computers for personal activities. However, 40 percent 11 percent more admitted that they use their work computers for online shopping. This discrepancy occurred in eight of the 10 countries (excluding China and India). For example, in the U.K., only 27 percent admitted using their work computer for personal reasons, but 53 percent said they shop online when working remotely.
Top 5 Global Reasons: My company doesnt mind me doing so; I would never get things done if I didnt do them while at work; I doubt my company would care; Shopping online cant result in security problems; I think my work computer is more secure than my home computer.
Hijacking wireless networks or sharing corporate devices with non-employees is a significant risk for the global IT community, said Jeff Platon, Ciscos vice president of Security Solutions Marketing. To highlight the U.S. example, the unsafe behavior of 11 remote workers in a company of 100 can bring down a network or compromise corporate information and personal identities. It only takes one security breach. For large enterprises with tens of thousands of workers, especially those with global workforces and differing business cultures, the potential risk is even more challenging.
According to Platon, this is where the roles of IT organizations and chief security officers come into play. The challenges posed by remote workers present an opportunity for IT and security teams to become more proactive in protecting their businesses and reshape their role in the eyes of end users a role that has historically been tactical and reactive.
IT must play a more strategic role, and to do that they need to develop stronger relationships with users to prevent threats from sabotaging efficiency and personal identities, Platon said. This study illustrates a golden opportunity for IT to elevate its role from a reactive, back-office function. IT has the opportunity to be progressive to maintain a steady dialogue with users, to implement educational programs tailored to different business cultures and user groups, and to weave security best practices into corporate cultures. Driving this cultural change can help maximize the value and safety of teleworking, especially at a time when businesses are becoming extremely mobile.
About Cisco Systems:
Cisco Systems, Inc. (NASDAQ: CSCO), is the worldwide leader in networking for the Internet. Information about Cisco can be found at www.cisco.com. For ongoing news, please go to newsroom.cisco.com.India news and information are available
# # #
Cisco, Cisco Systems, the Cisco Systems logo, and Cisco IOS are registered trademarks of Cisco Systems, Inc. in the U.S. and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. This document is Cisco Public Information.
Mr. Varghese M. Thomas
Cisco Systems India Pvt. Ltd
Tel: +91 80 41593226 email@example.com