-- Opening emails and attachments from unknown or suspicious sources:
Although it is one of the age-old security risks, many remote workers admit
that they still open suspicious emails and attachments despite the
potential for triggering malware attacks. China (62 percent) is the most
egregious offender. But arguably more disturbing is a growing trend in
entrenched Internet-adopter countries like the United Kingdom (48 percent),
Japan (42 percent), Australia (34 percent) and the United States (27
percent). For example, in Japan, 14 percent admit they open both an unknown
or suspicious email and any attachments.
-- Using work computers and devices for personal use: A 3 percentage-
point increase year-over-year shows that more remote workers use corporate
devices for personal use, such as Internet shopping, downloading music, and
visiting social networking sites. This trend occurs in eight of the 10
countries, and the highest year-to-year spike occurs in France (27 percent
to 50 percent). In Brazil, this trend rose 16 percentage points despite an
increasing number of respondents agreeing that this was unacceptable
behavior (37 percent to 52 percent year-over-year).
Reasons Offered: "My company doesn't mind me doing so," "I'm alone and have
spare time," "My boss isn't around," "My IT department will support me if
something goes wrong."
-- Allowing non-employees to borrow work computers and devices for
personal use: As employees work more from home, the likelihood increases
that they will share corporate devices with non-employees (e.g. family,
roommates) who are not educated by IT or held to a company's security
policies. This trend is increasing. While China features the highest rate
of "device sharing" for the year (39 percent), the United Kingdom (from 7
percent in 2006 to 22 percent in 2007) and France (from 15 percent to 26
percent) reveal steep year-over-year increases.
Reasons Offered: "I don't see anything wrong with it," "My company doesn't
mind me doing so," "I don't think it increases security risks," "Co-workers
do it."
-- Hijacking wireless Internet connections from neighbors: Globally, 12
percent of remote workers admit to accessing a neighbor's wireless
connection, with threefold year-to-year increases in Japan (6 percent to 18
percent) and France's 10 percent year-to-year rise (5 percent to 15
percent) representing the fastest-growing rates. China (from 19 percent in
2006 to 26 percent in 2007) and the United Kingdom (from 6 percent to 11
percent) also feature significant increases.
Reasons Offered: "I needed it because I was in a bind," "It's more
convenient than using my wireless connection," "I can't tell if I'm using
my own or my neighbor's wireless connection," "My neighbor doesn't know, so
it's OK."
-- Accessing work files with personal, non-IT-protected devices:
Accessing corporate networks and files with devices that are not protected
by an employee's IT team presents security risks to the company, its
information and its employees. As the number of remote workers grows, the
study reveals an annual rise (45 percent in 2006 to 49 percent in 2007) in
this behavior. It's widespread in many countries, especially China (76
percent), the United States (55 percent), Brazil (52 percent) and France
(48 percent).
Reasons Offered: "These devices are secure with antivirus and other content
security software," "I regularly use these devices to access my network,"
"My IT department has said it's OK to do so."
Strategic Recommendations for Protecting an Increasingly Distributed
Workforce
According to Stewart, now more than ever, it is imperative for the IT
department to reassess how it's perceived by employees and how it can
proactively influence corporate security. IT often approaches security
exclusively from a technology perspective, but the need for security
awareness, education, and proactive, sustained communication is as
fundamental as purchasing a firewall. Spearheading this consultative
engagement with employees represents a prime opportunity for IT to reshape
its image in the eyes of its users and maximize the return on technology
investments. It provides a platform for IT to be viewed not as a cost
center, but as a true business enabler. In doing this, the research's
multicultural scope highlights the need for IT security leaders to apply
"localized" engagement and communicate more targeted approaches for
different parts of the world.
"What we've found in year two reinforces the need for IT to triangulate
awareness, education, and communication between their teams, executives,
and employees," Stewart said. "How you communicate and educate employees
about essential security practices and policies will be different in Japan
than in the United States. It will be different in China than in France.
Security awareness and education requires an understanding of your
audience's culture. You have to relate to them and earn their trust.
Through trust comes respect and cooperation.
"This research stresses the point that managing corporate security is part
technology, part process, part awareness, education and communication,"
Stewart added. "It's often more of a human challenge than a technical one.
And because of that, IT has the duty to emerge from the traditional back
office to become more proactively engaged and consultative with its user
base. Simply put, now is the time for IT to become more strategic than
ever."
The study and key findings will be spotlighted by Cisco security
executives, including Stewart, as part of a live Internet TV broadcast
today from 8 a.m. to 9 a.m. PST on global threat trends and managing the
human side of security challenges (to attend:
http://tools.cisco.com/cmn/jsp/index.jsp?id=70346).
1) Gartner, Inc. "Dataquest Insight: Teleworking, The Quiet Revolution
(2007 Update)" by Caroline Jones, May 14, 2007
About Cisco
Cisco (Contact Information: Media Relations: Neil Wu Becker Cisco Systems, Inc. 408 525-7415 nebecker@cisco.com Industry Analyst Relations: Sarita Kincaid Cisco Systems, Inc. 408 525 0733 skincaid@cisco.com Investor Relations: Marisa Ross Cisco Systems, Inc. 408 527 9830 mariross@cisco.com