News
News
9/14/2005
03:38 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Are IT Departments Security Risks?

Workers are more likely to indulge in dangerous behavior on the Internet when they know they have an IT department to get them out of trouble, according to a study.

Workers are more like to indulge in risky Internet behavior -- surfing to unknown or even suspicious sites, for example -- when they have an IT department behind them to clean up their mess, a recently released study claims.

According to the July study -- which was released Tuesday by Tokyo-based Trend Micro and based on polls of 1,200 users, 400 each in the U.S., Germany, and Japan -- 39 percent of enterprise workers believed that their company's IT department would keep them safe from viruses, worms, spyware, spam, and phishing and pharming attacks.

That confidence, whether on the mark or misplaced, leads workers to do risky, even stupid, things at work, such as opening questionable e-mail messages or clicking on unknown Web site links.

Out of those who admitted to unsafe surfing, 63 percent acknowledged they took the risk because IT had installed security software on their computers, for instance. Meanwhile, 40 percent of risk-takers admitted they did so because IT was available to provide support if problems occurred, essentially providing a backstop.

The correlation between IT’s presence, workers' security expectations, and riskier behavior shows how important it is for administrators to keep ahead of employee expectations, said Bob Hansmann, Trend's senior product marketing manager, on Wednesday.

"IT needs to meet the employees' expectations of support responsibility," said Hansmann. "That may mean even greater [security] investments than originally planned. Or more employee education. IT may need to get in front of the employees more to tell them that they have some responsibility for their actions, too."

But user education may be talking to a brick wall because some workers slough off responsibility for even knowing about threats. "Workers in larger companies don't worry about being educated, they just assume that IT handles everything," said Hansmann. "Big company employees just don’t see security as their responsibility." U.S. workers were the most confident in IT as a safety net. Nearly half of American employees surveyed, 48 percent, said they were more likely to open suspicious e-mail messages or click on Web links because they could rely on IT. In Japan, however, only 28 percent admitted in such risky moves.

"U.S. workers are a more cavalier about opening things," Hansmann noted. "There's a high level of trust that IT is protecting them, or worse, they just don't think that it's their fault when something goes wrong."

Another aspect of the problem, concluded Trend in the report, is that some users have an "it's not mine" attitude about their hardware, akin to the difference between how renters feel about their apartments and home owners think of their homes.

One in three (34 percent) of U.S. users and more than one in four of those in Germany (29 percent) and Japan (28 percent) admitted they clicked on suspicious links or opened iffy e-mail because the computer equipment wasn't theirs.

Other than worm or spyware infection increases, the fallout from this kind of attitude impacts corporate help desks, Trend's survey noted. Major chunks of the employees polled said that they'd contacted IT about security problems or concerns in the last three months. German workers were the most likely to ring up the help desk (38 percent), but fewer of those in the U.S. (31 percent) and Japan (27 percent) touched base with the help desk.

"Maybe it's because North American workers have been drilled to reduce help desk calls, but it's a fact that they're less likely than Germans to call," said Hansmann.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.