Are IT Departments Security Risks? - InformationWeek
03:38 PM

Are IT Departments Security Risks?

Workers are more likely to indulge in dangerous behavior on the Internet when they know they have an IT department to get them out of trouble, according to a study.

Workers are more like to indulge in risky Internet behavior -- surfing to unknown or even suspicious sites, for example -- when they have an IT department behind them to clean up their mess, a recently released study claims.

According to the July study -- which was released Tuesday by Tokyo-based Trend Micro and based on polls of 1,200 users, 400 each in the U.S., Germany, and Japan -- 39 percent of enterprise workers believed that their company's IT department would keep them safe from viruses, worms, spyware, spam, and phishing and pharming attacks.

That confidence, whether on the mark or misplaced, leads workers to do risky, even stupid, things at work, such as opening questionable e-mail messages or clicking on unknown Web site links.

Out of those who admitted to unsafe surfing, 63 percent acknowledged they took the risk because IT had installed security software on their computers, for instance. Meanwhile, 40 percent of risk-takers admitted they did so because IT was available to provide support if problems occurred, essentially providing a backstop.

The correlation between IT’s presence, workers' security expectations, and riskier behavior shows how important it is for administrators to keep ahead of employee expectations, said Bob Hansmann, Trend's senior product marketing manager, on Wednesday.

"IT needs to meet the employees' expectations of support responsibility," said Hansmann. "That may mean even greater [security] investments than originally planned. Or more employee education. IT may need to get in front of the employees more to tell them that they have some responsibility for their actions, too."

But user education may be talking to a brick wall because some workers slough off responsibility for even knowing about threats. "Workers in larger companies don't worry about being educated, they just assume that IT handles everything," said Hansmann. "Big company employees just don’t see security as their responsibility." U.S. workers were the most confident in IT as a safety net. Nearly half of American employees surveyed, 48 percent, said they were more likely to open suspicious e-mail messages or click on Web links because they could rely on IT. In Japan, however, only 28 percent admitted in such risky moves.

"U.S. workers are a more cavalier about opening things," Hansmann noted. "There's a high level of trust that IT is protecting them, or worse, they just don't think that it's their fault when something goes wrong."

Another aspect of the problem, concluded Trend in the report, is that some users have an "it's not mine" attitude about their hardware, akin to the difference between how renters feel about their apartments and home owners think of their homes.

One in three (34 percent) of U.S. users and more than one in four of those in Germany (29 percent) and Japan (28 percent) admitted they clicked on suspicious links or opened iffy e-mail because the computer equipment wasn't theirs.

Other than worm or spyware infection increases, the fallout from this kind of attitude impacts corporate help desks, Trend's survey noted. Major chunks of the employees polled said that they'd contacted IT about security problems or concerns in the last three months. German workers were the most likely to ring up the help desk (38 percent), but fewer of those in the U.S. (31 percent) and Japan (27 percent) touched base with the help desk.

"Maybe it's because North American workers have been drilled to reduce help desk calls, but it's a fact that they're less likely than Germans to call," said Hansmann.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll