Data Leakage Is A People Problem - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
9/30/2008
01:05 PM
Mike Fratto
Mike Fratto
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Data Leakage Is A People Problem

Cisco commissioned a global survey of IT administrators and computer users about their perceptions on data leakage. Not surprisingly, the study found employees use their work computers for personal use and IT knows it.

Cisco commissioned a global survey of IT administrators and computer users about their perceptions on data leakage. Not surprisingly, the study found employees use their work computers for personal use and IT knows it.What is surprising is that the attitudes about private company information vary greatly by country, which affects global organizations and those that outsource. You can view the report here.

The report was conducted by research firm Insight Express across 10 countries. In each country, 100 qualified IT administrators and 100 qualified non-IT computer users were selected. Cisco wanted to get the perspectives from both sides of the cube. Insight Express selected the respondents and conducted the survey.

The report overall highlights what we knew already. Employees use work computers for personal use. Who hasn't sent e-mail while at work, chatted with a friend over IM, purchased something while at work, or checked their bank accounts? There are some differences between countries. Users in China and Japan indicate they check personal e-mail from work even though doing so is not approved by IT.

If IT has set controls to stop unauthorized use of company resources, how are employees doing this? Altering security settings is one way. So 14% of all end users -- 42% of respondents in China , 26% in Brazil, and 20% in India -- indicated they had altered their computer settings in order to bypass company policy. If your company is based solely in the United States, count yourself lucky. Only 2% of respondents from the United States said they change security settings. Maybe that's due to the purported lack of technical ability in the States.

Of all the respondents, 52% indicated they wanted to view a Web site regardless of company policy and 35% said what they do on the Internet is none of their company's business. This is one of causes of frustration IT faces daily. No matter how tightly you lock down a system and try to tell employees what is acceptable and unacceptable behavior, a percentage will do what they want if they can.

I know I have declined to help people bypass their IT policies simply on principle. I don't like restrictive IT policies any more than the next person, but IT has a problem -- how to maintain a large number of machines with a limited number of people. One way is to simply stop users from modifying the computers they use. The computer I use for work isn't my computer; it's the company's computer. I also have my own laptop at home that I use, so I don't need to use my work computer.

But I also remember back in the '90s when a lot of people didn't have a PC or an Internet connection at home and used their work equipment for personal use. I recall even back then (and this still happens today) asking IT administrators complaining about users downloading malware from the Internet why they let them have Internet access in the first place. "Well, to get their jobs done!," they'd invariably reply and look at me like I just sprouted a third arm. My response always was the same. I'd ask how many of their people can really justify Internet access as part of their job duties? It was a question they couldn't answer, so instead, they opened the gates and then tried to stop the flood using blocking products that can be bypassed.

Surprisingly, 73% of traveling users take some action to ensure they're not being eavesdropped on while working outside the office. Nearly 50% indicated they monitor their surroundings, 32% said they speak softly on business calls (I wish that number was much higher, given the number of loudmouths walking and talking). Only a paltry 23% indicated they use privacy screens, screens that block the view of the screen off-angle. Think polarized lenses for your laptop.

As someone who isn't shy about shoulder surfing when I'm bored, privacy screens would curtail my in-flight entertainment because leaning over to get a good view would be too obvious. I remember one flight from Vegas to Seattle, I was sitting next to a sales engineer while he worked on his sales reports. I ended up telling a senior VP at the company that they should invest in some privacy screens. I didn't tell him why, though.

There was one point of congruence between users and IT. A little more than 40% of users give others access to their computer and little less than 40% of IT administrators know it.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
8 AI Trends in Today's Big Enterprise
Jessica Davis, Senior Editor, Enterprise Apps,  9/11/2019
Slideshows
IT Careers: 10 Places to Look for Great Developers
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/4/2019
Commentary
Cloud 2.0: A New Era for Public Cloud
Crystal Bedell, Technology Writer,  9/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll