Remote workers aggravate network security risks because of a false sense of awareness

(10/10/2006)

A new study commissioned by Cisco Systems has revealed that while most remote workers say they are aware of security issues, their behavior - that includes sharing work computers with non-employees, opening unknown emails, and hijacking neighbors' wireless networks - suggests otherwise.

The study spotlights the challenge that behavioral and cultural tendencies create for IT security teams as more employees work outside of traditional offices - a business practice that can enhance productivity yet jeopardize corporate and personal security.

Whether they work at home, at a café, or in a hotel, numerous findings indicate that remote workers aggravate network security concerns because of a false sense of awareness. In fact, while two of every three teleworkers surveyed (66 percent) said they are cognizant of security concerns when working remotely, many admitted behavior that undermines and contradicts their awareness. Their reasons offer valuable insight for IT and security managers around the world, fueling a need for tighter, proactive relationships with end users. Below are four of several examples revealed in the study:

Sharing Corporate Devices With Non-employees

More than one of every five remote workers surveyed (21 percent) allows friends, family members or other non-employees to use his or her work computer to access the Internet. In China, more than two of every five (42 percent) admitted to sharing their work computers. And in Japan, more end users share their work computers with others (13 percent) than those who use them for their own personal use (12 percent).

Top 5 Reasons: “I don’t see anything wrong with it”; “My company doesn’t mind me doing so”; “I don’t think letting them use it increases security risks”; “I doubt my company would care”; “Co-workers do it”

Accessing Neighbors’ Wireless Networks

In China, Italy, and Brazil, almost one of every five teleworkers admitted to accessing a neighbor’s wireless network when working from home. Although the global average was 11 percent, Germany (15 percent) and the United States (12 percent) joined China, Italy, and Brazil in eclipsing the worldwide mark.

Top 5 Reasons: “I needed it because I was in a bind”; “I can’t tell if I’m using my own or someone else’s wireless Internet connection”; “Setting up my own wireless network is difficult and confusing”; My neighbor doesn’t know, so it’s OK”; “It’s more convenient than using my wired connection”

Opening Suspicious Emails and Attachments

One of every four remote worker surveyed (25 percent) said he or she opens unknown emails when using work devices. In China, more than half of the respondents (57 percent) admitted they open emails from unknown sources.

Key Finding: In India, 20 percent of teleworkers said they open unknown emails and attachments, and in Brazil, 12 percent admitted doing so.

Personal Usage Findings

One of the most glaring contradictions in the study’s results involved non-business activity: Only 29 percent of remote workers surveyed in the 10 countries admitted that they use their work computers for personal activities. However, 40 percent - 11 percent more - admitted that they use their work computers for online shopping. This discrepancy occurred in eight of the 10 countries (excluding China and India). For example, in the U.K., only 27 percent admitted using their work computer for personal reasons, but 53 percent said they shop online when working remotely.

Top 5 Global Reasons: “My company doesn’t mind me doing so”; “I would never get things done if I didn’t do them while at work”; “I doubt my company would care”; “Shopping online can’t result in security problems”; “I think my work computer is more secure than my home computer.”

“Hijacking wireless networks or sharing corporate devices with non-employees is a significant risk for the global IT community,” said Jeff Platon, Cisco’s vice president of Security Solutions Marketing. “To highlight the U.S. example, the unsafe behavior of 11 remote workers in a company of 100 can bring down a network or compromise corporate information and personal identities. It only takes one security breach. For large enterprises with tens of thousands of workers, especially those with global workforces and differing business cultures, the potential risk is even more challenging.”

According to Platon, this is where the roles of IT organizations and chief security officers come into play. The challenges posed by remote workers present an opportunity for IT and security teams to become more proactive in protecting their businesses and reshape their role in the eyes of end users - a role that has historically been tactical and reactive.

“IT must play a more strategic role, and to do that they need to develop stronger relationships with users to prevent threats from sabotaging efficiency and personal identities,” Platon said. “This study illustrates a golden opportunity for IT to elevate its role from a reactive, back-office function. IT has the opportunity to be progressive - to maintain a steady dialogue with users, to implement educational programs tailored to different business cultures and user groups, and to weave security best practices into corporate cultures. Driving this cultural change can help maximize the value - and safety - of teleworking, especially at a time when businesses are becoming extremely mobile.”

Related topics:  IT Network and Computer Security   Security market sectors 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources