IT's presence may prompt risky business

By Anne Saita, News Director 13 Sep 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

All that talk about how bad it is to open unexpected e-mail attachments or surf potentially dangerous Web sites is paying off.

For home users.

At the office, risky behavior flourishes in part because employees believe their IT department will bail them out of any messes they create and that the company's security software doesn't catch. Some also just don't care since the computers belong to someone else.

So says a just-released survey of 1,200 U.S., German and Japanese users who participated in Tokyo-based Trend Micro's online survey in July. The findings indicate all the talk about Internet and network security is paying off with safer consumer behavior, but perhaps at the expense of enterprises' systems. More than a third (39%) of employees admitted to bolder online behavior at work than home and opening suspicious links or visiting dubious Web sites. Of those risk-takers, 63% claimed their comfort levels were elevated because of expected security software running on their networks. In other words, they were confident the company's AV scans and IDS sensors would flag potential problems for them. Forty percent also ceded that knowing the help desk was nearby also played a role in their decidedly unsafe practices.

This survey suggests that IT security staffs still have their work cut out and enforcement of Internet and e-mail use policies needs to move up the priority list. User awareness campaigns may be making inroads in preventing infected home-based machines from breaching corporate networks, but those gains are being negated by the number of people still willing to tempt fate at work.

"Although end users have expectations of IT to educate and protect them, they may not always help in overcoming network security challenges. In fact, they could make it more difficult," notes Trend Micro executive vice president Max Cheng, who oversees the security provider's enterprise business segment, in a prepared statement.

Among the survey's findings:

• 48% of U.S. workers admit they're more likely to open strange e-mails or Web links on their work computers than home PCs because they know and IT staff will intervene if their machine's infected with spyware, viruses, worms or other malicious code. Some 39% of Germans and 28% of Japanese workers confessed to the same.
• 76% of Germans and 65% of U.S. workers said they took more risks at work because they figured the company's security software would stop any incidents. In Japan, the number was 42%.
• About a third (34%) of U.S. users and almost as many Germans (29%) and Japanese (28%) confessed they didn't care if they opened suspicious e-mails or opened strange links because they didn't own the equipment.

Not surprisingly, a news release on the survey also observed that 38% of German workers and 31% of U.S. workers, along with 27% of Japanese employees, had to call their IT help desk about a security concern within three months of answering the survey.

Tags: Security management,  Information Security Policies, Procedures and Guidelines,  Malware, Viruses, Trojans and Spyware,  Security Awareness Training and Internal Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Policies, Procedures and Guidelines How to detect and respond to money laundering Health Net breach failure of security policy, technology How to protect distributed information flows Whitelists, SaaS modify traditional security, tackle flaws Melissa Hathaway urges more cooperation, government attention to cybersecurity Reuters: Obama ready to select cyber security czar How a corporate Twitter policy can combat social network threats Should enterprises be concerned with Twitter in the workplace? Information security management hype: Debunking best practices Data breach avoidance begins with security basics, panel says Malware, Viruses, Trojans and Spyware The world's top 5 riskiest domains New Zeus spam poses as Social Security statements Increase in Gumblar backdoors poses FTP credential problems Hackers to sharpen malware, malicious software in 2010 iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary defense in depth  (SearchSecurity.com) non-disclosure agreement  (SearchSecurity.com) security policy  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary