Numerous behavioral risks taken by employees in increasingly distributed and remote locations can lead to the loss of corporate information, according to a study commissioned by Cisco.
Cisco, which is evangelizing and banking a large chunk of its growth on collaboration, says that as workforces become increasingly mobile, lines are blurring between work life and personal life. This could lead to risky or reckless use of company IT resources, resulting in leakage of sensitive data, the company says.
"Businesses are enabling employees to become increasingly collaborative and mobile," said John Stewart, Cisco CSO, in a statement. "Without modern-day security technologies, policies, awareness and education, information is more vulnerable.”
The study, conducted by InsightExpress and commissioned by Cisco, is based on surveys of more than 2,000 employees and IT professionals in 10 countries. It is intended to examine security and data leakage implications for businesses as employee lifestyles and work environments are becoming increasingly untethered from a fixed location. It also identifies common data leakage mistakes and risk management opportunities among workforces around the world as this new workplace paradigm as increasingly adopted.
The study surveyed 1,000 employees and 1,000 IT professionals from various industries and company sizes in 10 countries: the United States, the United Kingdom, France, Germany, Italy, Japan, China, India, Australia and Brazil. The countries were chosen because they represent a diverse set of social and business cultures, established and emerging network-dependent economies and varied levels of Internet adoption, Cisco says.
The 10 most noteworthy behavioral findings, according to Cisco, were:
1. Altering security settings on computers: One of five employees altered security settings on work devices to bypass IT policy so they could access unauthorized Web sites. More than half said they simply wanted to access the site while one-third said, "it's no one's business" which sites they access.
2. Use of unauthorized applications: Seven of 10 IT professionals said employee access of unauthorized applications and Web sites ultimately resulted in as many as half of their companies' data loss incidents. This belief was most common in countries such as the United States (74 percent) and India (79 percent).
3. Unauthorized network/facility access: In the past year, two of five IT pros dealt with employees accessing unauthorized parts of a network or facility. Of those who reported this issue globally, two-thirds encountered multiple incidents in the past year and 14 percent encountered this issue monthly.
4. Sharing sensitive corporate information: One of four employees admitted verbally sharing sensitive information to non-employees, such as friends, family or even strangers. When asked why, some of the most common answers included, "I needed to bounce an idea off someone," "I needed to vent" and "I did not see anything wrong with it."
5. Sharing corporate devices: Almost half of the employees surveyed share work devices with others, such as non-employees, without supervision.