Survey: Employees risk company computer security

By Kelly Ellis

Posted on 15 Sep 2005 at 15:23

Employees are putting companies at risk by using computers in an irresponsible manner, a survey from Sophos has revealed.

The security company found that 79 per cent of IT professionals believe that people are putting too much trust in security systems at work and as a result are using computers carelessly without thinking of the consequences.

Sophos found that despite instructions from IT departments to act safely online, many employees are downloading unauthorised files, clicking links in unsolicited emails and surfing dubious websites - all of which many would not do at home.

'In most cases, it's not that people deliberately behave recklessly online,' said Graham Cluley, senior technology consultant at Sophos,' [it is] rather, they don't know how to act responsibly, and may not be fully aware of the potential consequences of unsafe Internet and email usage.'

However, he also suggested that some employees are fully aware of the implications of their actions but would rather open their company up to security risks instead of their own personal technology.

'People may be tempted to use the company's bandwidth rather than their own to download large files, like movies, which may also include illegal files, and many will surf websites that they don't want people at home to know about,' Cluley added.

Sophos has warned that employees behaving in this way are jeopardising the bottom lines of employers and has urged IT departments to ensure that user policies are put into place. Many companies have improved in-house security systems over recent years, as viruses, spyware and spammers become increasingly sophisticated, but more can be done. It seems that raising awareness in the workplace is one measure that must be taken to reduce security risks.

'IT managers must now look to enforce strict policies on internet and email to ensure business networks remain safe and secure, as well as running anti-virus and other security software,' said Cluley.

The frustration felt by many IT professionals is reflected in the results of the Sophos survey, with 63 per cent saying that official warnings should be issued to workers misusing office computers and 10 per cent believe instant dismissal would be plausible.

Surveys also conducted in the US, Germany and Japan, concerning end-user practice found that 39 per cent of employees believe that IT should prevent them from falling victim to threats like spyware and phishing.

The survey from security specialists Trend Micro found that 63 per cent admitted that their online behaviour in the workplace is less cautious, with many saying that they felt more comfortable clicking on suspicious links or visiting disreputable websites. Reasons given by respondents for their actions were that the company had advanced security software installed and IT are always on hand if problems occur.

Sophos have drawn up a list of the 'sinful seven' online activities at work that employees should avoid and urge IT departments to circulate the advice, to prevent unnecessary security holes from arising.

The sinful seven are:

- Downloading music and movies

- Opening email attachments or clicking on links in unsolicited emails

- Surfing pornographic or other dubious websites

- Running 'joke' programs sent by friends and colleagues

- Installing unauthorised software and web browser plug-ins

- Giving information to unknown parties via phone or email

- Using the same password on different websites and password sharing