In a study conducted for Cisco by InsightExpress, based in Stamford, Conn., researchers interviewed 1,000 remote workers in 10 countries and found that many people continue to use poor judgment in adhering to security policies, despite having been warned of threats lurking on the Web and wireless networks.
While a vast majority of remote workers interviewed in the United States and elsewhere said they are cognizant of security issues while working outside the office, far fewer said they aggressively police their own computing activity to limit exposure to threats.
For instance, while 68 percent of the workers interviewed in the United States said they had been warned of the perils of risky laptop behavior, 30 percent said they still use their company-issued computers for personal tasks, with 46 percent admitting to using their computers to shop at e-commerce sites.
Although most users had been informed of the threats of e-mail-borne viruses after the outbreaks of the last several years, some 24 percent of users surveyed in the United States said they still open unknown messages, while 19 percent said they allow someone else to use their work computer.
Showing a lack of concern over unfamiliar wireless networks and all the inherent dangers of connecting to such systems, 12 percent of those surveyed in the United States said they still connect to the Web and corporate systems using unrecognized wireless connections.
The results for the U.S. workers interviewed lined up fairly consistently in all categories with those for remote workers in countries such as Germany, the United Kingdom and India, but users in some nations, in particular China, remain even less concerned about employing stricter security habits.
While 78 percent of the Chinese respondents to the report said they are mindful of security, representing the highest total of any country included in the study, some 57 percent said they use their devices for personal use, with 54 percent using their work PCs to shop online. Another 57 percent of Chinese users said they open unknown e-mail messages, 42 percent allow others to use their computers and 19 percent admit to using unknown wireless Internet access.
"Actions speak louder than words, and while people are saying one thing, their activities are something else altogether," said Bruce Murphy, vice president of advanced services at Cisco, based in San Jose, Calif. "Clearly, people are engaging in behavior that contradicts what they know about security because they fail to understand that they are actually putting their companies at a great risk for malware and other attacks."
Some 66 percent of U.S. workers responding to the survey said they regularly fail to comply with safe remote PC or network usage policies because their companies do not mind the activities they pursue, while 27 percent of those interviewed said they use their company PCs to conduct shopping or other non-work-related activities because the device represents the most secure computer they have access to.
Part of the problem, Murphy said, is that many companies release boilerplate security policies that dont specifically explicitly warn users about some risky behaviors, or they adopt guidelines that rule out so many common PC uses that people merely ignore the recommendations.
"In general, establishing policies for policies sake causes an overreaction by end users. The constructive path is to get users to understand why they need to modify [the way they] behave, and not just [to issue] some draconian request for restrictions," Murphy said. "The more people understand about why they need to behave in a certain way, the more likely they will be to adhere to a policy; companies need to understand that they cant just continue to come at this problem from a negative reinforcement perspective."