03:38 PM
Connect Directly

Are IT Departments Security Risks?

Workers are more likely to indulge in dangerous behavior on the Internet when they know they have an IT department to get them out of trouble, according to a study.

Workers are more like to indulge in risky Internet behavior -- surfing to unknown or even suspicious sites, for example -- when they have an IT department behind them to clean up their mess, a recently released study claims.

According to the July study -- which was released Tuesday by Tokyo-based Trend Micro and based on polls of 1,200 users, 400 each in the U.S., Germany, and Japan -- 39 percent of enterprise workers believed that their company's IT department would keep them safe from viruses, worms, spyware, spam, and phishing and pharming attacks.

That confidence, whether on the mark or misplaced, leads workers to do risky, even stupid, things at work, such as opening questionable e-mail messages or clicking on unknown Web site links.

Out of those who admitted to unsafe surfing, 63 percent acknowledged they took the risk because IT had installed security software on their computers, for instance. Meanwhile, 40 percent of risk-takers admitted they did so because IT was available to provide support if problems occurred, essentially providing a backstop.

The correlation between IT’s presence, workers' security expectations, and riskier behavior shows how important it is for administrators to keep ahead of employee expectations, said Bob Hansmann, Trend's senior product marketing manager, on Wednesday.

"IT needs to meet the employees' expectations of support responsibility," said Hansmann. "That may mean even greater [security] investments than originally planned. Or more employee education. IT may need to get in front of the employees more to tell them that they have some responsibility for their actions, too."

But user education may be talking to a brick wall because some workers slough off responsibility for even knowing about threats. "Workers in larger companies don't worry about being educated, they just assume that IT handles everything," said Hansmann. "Big company employees just don’t see security as their responsibility." U.S. workers were the most confident in IT as a safety net. Nearly half of American employees surveyed, 48 percent, said they were more likely to open suspicious e-mail messages or click on Web links because they could rely on IT. In Japan, however, only 28 percent admitted in such risky moves.

"U.S. workers are a more cavalier about opening things," Hansmann noted. "There's a high level of trust that IT is protecting them, or worse, they just don't think that it's their fault when something goes wrong."

Another aspect of the problem, concluded Trend in the report, is that some users have an "it's not mine" attitude about their hardware, akin to the difference between how renters feel about their apartments and home owners think of their homes.

One in three (34 percent) of U.S. users and more than one in four of those in Germany (29 percent) and Japan (28 percent) admitted they clicked on suspicious links or opened iffy e-mail because the computer equipment wasn't theirs.

Other than worm or spyware infection increases, the fallout from this kind of attitude impacts corporate help desks, Trend's survey noted. Major chunks of the employees polled said that they'd contacted IT about security problems or concerns in the last three months. German workers were the most likely to ring up the help desk (38 percent), but fewer of those in the U.S. (31 percent) and Japan (27 percent) touched base with the help desk.

"Maybe it's because North American workers have been drilled to reduce help desk calls, but it's a fact that they're less likely than Germans to call," said Hansmann.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.