Can you count on your employees to keep confidential corporate information secure?
Probably not, according to the 2010 Trend Micro survey on corporate and small business end users.
The survey, which included 1600 end users in the U.S., U.K, Germany and Japan, found that, in general, employees were much more focused on individual concerns and conveniences than their company's overall IT security. For instance:
About 50 percent of those polled have divulged employee-privy data through an unsecure Web mail account.
Mobile workers were least concerned of all. Across all countries, 60 percent of mobile workers versus 44 percent of desktop workers admitted to having sent out confidential company information via IM, Web mail or social media applications. In Japan, that number jumped to more than three-fourths (78 percent) of the mobile employees polled.
Mobile workers are also more likely to perform non-work related activities while on their company's network, compared to desktop workers. Apparently, this is particularly true in the U.S., where 74 percent of laptop users said they checked personal email (58 percent for desktop users) and 58 percent said they browsed Web sites unrelated to work (45 percent for desktop users.)
When asked about Web threats, 36 percent of U.S. end-users said loss of personal information was their top concern about viruses; only 29 percent expressed concern over the loss of corporate data due to viruses.
Interestingly, about ten percent of users in each country admitted to overriding their corporate security in order to access restricted Web sites. Germany ranked the highest, with 12 percent of its end-users admitting to tinkering with corporate security. The U.K. had 11 percent. The U.S. and Japan both had 8 percent.
I have posted before about risks embedded in the "human element" of the supply chain. Obviously, these new survey results suggest that the leakage of confidential corporate information and an under-appreciation for the damage Web threats can cause remain serious issues not only for IT administrators, but for the entire enterprise.
Tips for establishing data protection policies and educating employees are available here.