Are IT Departments Security Risks? - InformationWeek
03:38 PM

Are IT Departments Security Risks?

Workers are more likely to indulge in dangerous behavior on the Internet when they know they have an IT department to get them out of trouble, according to a study.

Workers are more like to indulge in risky Internet behavior -- surfing to unknown or even suspicious sites, for example -- when they have an IT department behind them to clean up their mess, a recently released study claims.

According to the July study -- which was released Tuesday by Tokyo-based Trend Micro and based on polls of 1,200 users, 400 each in the U.S., Germany, and Japan -- 39 percent of enterprise workers believed that their company's IT department would keep them safe from viruses, worms, spyware, spam, and phishing and pharming attacks.

That confidence, whether on the mark or misplaced, leads workers to do risky, even stupid, things at work, such as opening questionable e-mail messages or clicking on unknown Web site links.

Out of those who admitted to unsafe surfing, 63 percent acknowledged they took the risk because IT had installed security software on their computers, for instance. Meanwhile, 40 percent of risk-takers admitted they did so because IT was available to provide support if problems occurred, essentially providing a backstop.

The correlation between IT’s presence, workers' security expectations, and riskier behavior shows how important it is for administrators to keep ahead of employee expectations, said Bob Hansmann, Trend's senior product marketing manager, on Wednesday.

"IT needs to meet the employees' expectations of support responsibility," said Hansmann. "That may mean even greater [security] investments than originally planned. Or more employee education. IT may need to get in front of the employees more to tell them that they have some responsibility for their actions, too."

But user education may be talking to a brick wall because some workers slough off responsibility for even knowing about threats. "Workers in larger companies don't worry about being educated, they just assume that IT handles everything," said Hansmann. "Big company employees just don’t see security as their responsibility." U.S. workers were the most confident in IT as a safety net. Nearly half of American employees surveyed, 48 percent, said they were more likely to open suspicious e-mail messages or click on Web links because they could rely on IT. In Japan, however, only 28 percent admitted in such risky moves.

"U.S. workers are a more cavalier about opening things," Hansmann noted. "There's a high level of trust that IT is protecting them, or worse, they just don't think that it's their fault when something goes wrong."

Another aspect of the problem, concluded Trend in the report, is that some users have an "it's not mine" attitude about their hardware, akin to the difference between how renters feel about their apartments and home owners think of their homes.

One in three (34 percent) of U.S. users and more than one in four of those in Germany (29 percent) and Japan (28 percent) admitted they clicked on suspicious links or opened iffy e-mail because the computer equipment wasn't theirs.

Other than worm or spyware infection increases, the fallout from this kind of attitude impacts corporate help desks, Trend's survey noted. Major chunks of the employees polled said that they'd contacted IT about security problems or concerns in the last three months. German workers were the most likely to ring up the help desk (38 percent), but fewer of those in the U.S. (31 percent) and Japan (27 percent) touched base with the help desk.

"Maybe it's because North American workers have been drilled to reduce help desk calls, but it's a fact that they're less likely than Germans to call," said Hansmann.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll