News
News
9/14/2005
03:38 PM
Connect Directly
RSS
E-Mail
50%
50%

Are IT Departments Security Risks?

Workers are more likely to indulge in dangerous behavior on the Internet when they know they have an IT department to get them out of trouble, according to a study.

Workers are more like to indulge in risky Internet behavior -- surfing to unknown or even suspicious sites, for example -- when they have an IT department behind them to clean up their mess, a recently released study claims.

According to the July study -- which was released Tuesday by Tokyo-based Trend Micro and based on polls of 1,200 users, 400 each in the U.S., Germany, and Japan -- 39 percent of enterprise workers believed that their company's IT department would keep them safe from viruses, worms, spyware, spam, and phishing and pharming attacks.

That confidence, whether on the mark or misplaced, leads workers to do risky, even stupid, things at work, such as opening questionable e-mail messages or clicking on unknown Web site links.

Out of those who admitted to unsafe surfing, 63 percent acknowledged they took the risk because IT had installed security software on their computers, for instance. Meanwhile, 40 percent of risk-takers admitted they did so because IT was available to provide support if problems occurred, essentially providing a backstop.

The correlation between IT’s presence, workers' security expectations, and riskier behavior shows how important it is for administrators to keep ahead of employee expectations, said Bob Hansmann, Trend's senior product marketing manager, on Wednesday.

"IT needs to meet the employees' expectations of support responsibility," said Hansmann. "That may mean even greater [security] investments than originally planned. Or more employee education. IT may need to get in front of the employees more to tell them that they have some responsibility for their actions, too."

But user education may be talking to a brick wall because some workers slough off responsibility for even knowing about threats. "Workers in larger companies don't worry about being educated, they just assume that IT handles everything," said Hansmann. "Big company employees just don’t see security as their responsibility." U.S. workers were the most confident in IT as a safety net. Nearly half of American employees surveyed, 48 percent, said they were more likely to open suspicious e-mail messages or click on Web links because they could rely on IT. In Japan, however, only 28 percent admitted in such risky moves.

"U.S. workers are a more cavalier about opening things," Hansmann noted. "There's a high level of trust that IT is protecting them, or worse, they just don't think that it's their fault when something goes wrong."

Another aspect of the problem, concluded Trend in the report, is that some users have an "it's not mine" attitude about their hardware, akin to the difference between how renters feel about their apartments and home owners think of their homes.

One in three (34 percent) of U.S. users and more than one in four of those in Germany (29 percent) and Japan (28 percent) admitted they clicked on suspicious links or opened iffy e-mail because the computer equipment wasn't theirs.

Other than worm or spyware infection increases, the fallout from this kind of attitude impacts corporate help desks, Trend's survey noted. Major chunks of the employees polled said that they'd contacted IT about security problems or concerns in the last three months. German workers were the most likely to ring up the help desk (38 percent), but fewer of those in the U.S. (31 percent) and Japan (27 percent) touched base with the help desk.

"Maybe it's because North American workers have been drilled to reduce help desk calls, but it's a fact that they're less likely than Germans to call," said Hansmann.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.