What Makes A CIO Shudder?

It's mobile workers saying, "Security is not my job."And apparently, that's how many of them feel, according to a new survey of more than 700 mobile workers in seven countries (China, Germany, India, Singapore, South Korea, the United States, and the United Kingdom), sponsored by Cisco and the National Cyber Security Alliance, and conducted by market research firm InsightExpress.

Problem number one: a laissez-faire attitude by mobile workers toward wireless security. Almost three-quarters of survey respondents (73%) say they're not always cognizant of security threats and best practices when they're working wirelessly. Asked why they're lax in their security behavior, many mobile workers offered reasons like: "I'm busy and need to get work done;" "Security just is not top-of-mind for me;" and "It's IT's job, not mine."

Some insecure wireless practices respondents admitted to in the survey are shocking in their obviousness. For example, almost half (44%) of mobile workers surveyed say they open emails and/or attachments from unknown or suspicious sources. But why, when such practices have been emphatically discouraged for so long in the corporate environment? More than three-quarters (76%) say it's more difficult to identify suspicious e-mails and files on PDAs and smartphones than on laptops because the screens are much smaller.

One-third of mobile workers admit to accessing unauthorized wireless connections, such as hijacking a neighbor's wireless connection or jumping onto unauthorized connections in public places. Top Reasons: "Mine isn't working;" "They don't know so it's OK;" "I don't want to pay for my own connection."

Wireless security is an obvious priority for CIOs. According to InformationWeek Research's tenth annual Global Information Security Survey of more than 3,000 business technology and security professionals in the United States and China, most companies are feeling as vulnerable to security threats as they were a year ago, or more so. Second on the list of reasons for that vulnerability: "More ways to attack corporate networks, including wireless."

Hand-in-hand with decreasing vulnerability is the necessity to get all employees involved in the security effort. Third on the list of security challenges for this year, according to InformationWeek survey respondents: "Enforcing security policies."

The good news: according to InformationWeek survey respondents who admitted to security breaches in the last year, "Mobile (wireless) applications intrusion(s)" were low on that list, with only 7% of respondents in the United States and 6% in China reporting such breaches.

The bad news: If mobile workers continue with their laissez-faire attitude toward security, those numbers are bound to rise.