Teleworkers Know (And Ignore) Security Risks, Study Says - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance

Teleworkers Know (And Ignore) Security Risks, Study Says

More than 20% of the employees surveyed allow friends, family members, and other nonemployees to use their work computers to access the Internet.

The majority of telecommuters are aware of the security dangers that go along with using mobile devices and remotely logging onto their employers' networks, yet their behavior for the most part contradicts this awareness, according to a study issued Monday by Cisco Systems and research firm InsightExpress.

Of 1,000 teleworkers contacted across 10 countries, more than one of every five allows friends, family members, or other non-employees to use his/her work computer to access the Internet. The top five justifications for doing this were that workers didn't see anything wrong with it, their companies didn't mind, they didn't think that letting others use company-issued computers increases security risks, they doubted their companies would care, and their co-workers did it, too.

About one-third of the teleworkers admitted using work computers for personal computing, while nearly half of the respondents indicate that they download personal files onto their work devices. One of every four remote worker surveyed indicated he or she opens unknown e-mails when using work devices.

Despite this risky behavior, don't expect companies to corral their remote workers anytime soon. Telecommuting and remote access are "an unstoppable force, so we have to build security for it," says Bob Gleichauf, CTO of Cisco's security business unit. This means security has to be taken out of the hands of end users as much as possible. Security in the future has to be "security out of the box, building security into processes and technologies," he adds.

It may not be security out of the box, but Driscoll Children's Hospital in Corpus Christi, Texas, does keep close tabs on its teleworkers to head problems off at the pass. The hospital relies on Microsoft Windows Server 2003 Terminal Services or a virtual private network to deliver secure access to staff that works from home and to workers at different clinics across 33 counties that the hospital serves. Of the thousands of health-care workers at Driscoll and this network of clinics, only about 80 require this sort of remote access, but even a handful of remote users improperly managed can expose the health-care facility's IT systems to a virus, spyware, or a data breach.

Teleworkers "present an interesting twist to security," says James Ballou, Driscoll's HIPAAsecurity officer and IS security specialist. Ballou's response is to give most teleworkers access through Terminal Services to only the applications and information they need. Other users, mostly at the administrative level, who require more flexibility, can access their applications and data via a VPN.

Driscoll audits workers' laptops three times each week to make sure there's no contraband software installed--such as iTunes or games--and to check for malware. "If we find something that shouldn't be on the computer, we'll go to that person and talk to them," says Ballou, who adds that he's never seen a worker dismissed from the hospital as a result of this sort of cyber contraband. "We have good policies in place and good ways to enforce them."

The security challenges that Ballou faces are a lot like those his counterparts face worldwide. The Cisco study, fielded by research firm InsightExpress from July 28 to Aug. 13, 2006, included responses from more than 1,000 teleworkers in Australia, Brazil, China, France, Germany, India, Italy, Japan, the U.K., and the United States. Workers who were surveyed connect remotely to their employers' networks at least a few times per year using a PC, laptop, or mobile device provided by the employer.

Among the countries included in the survey, China had the greatest percentage, 78%, of respondents who said they were aware of security when working remotely. Yet Chinese respondents were also the most likely to use their work computers for personal reasons, open e-mails from unknown senders, allow others to use their work computers, and download personal files to their work computers.

Cisco commissioned the study because "so much of security is about better visibility into your user community," Gleichauf says. "Companies have [security] policies that help them sleep better at night but that don't reflect reality." The global scope of the survey also provides a perspective on the way other cultures work. IT management can either adapt to these methods or try to change them, but they can't do either if they're not aware of them.

Companies have to think twice before they allow security measures to erect barriers around mobile devices that make their workers more productive, Gleichauf says, adding, "it's the job of the security people to enable the business and protect it from failure but not become a barrier to competitive efficiencies."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
7 Technologies You Need to Know for Artificial Intelligence
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2019
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
Diversity in IT: The Business and Moral Reasons
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  6/20/2019
Register for InformationWeek Newsletters
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll