Business employees working remotely say they believe the Internet is getting safer. But they’re actually one of the reasons it’s so unsafe, according to a new study.
The study, conducted by researcher Insight Express and sponsored by Cisco, polled 2,000 remote access workers in 10 countries. Most of the respondents (56 percent) said they felt the Internet was safe in 2007, as opposed to 48 percent in 2006.
Ironically, as was the case in the earlier 2006 study, the results found a wide gap between teleworkers’ perceptions about security and the reality.
Worse, they themselves are evidently contributing to the problem, thanks to unsafe activities.
The study found that remote workers regularly engage in risky behavior — opening e-mails from unknown sources, using corporate PCs for personal activities and “hijacking” their neighbors’ Wi-Fi connections.
Forty-four percent of global respondents in 2007 said they felt it was acceptable to use their employer’s PC for personal activities, down slightly from 45 percent in 2006.
The U.S. trended in the opposite direction, however. Forty percent in 2007 admitted to misusing an employer-owned PC for their own purposes — a sizable increase from the 29 percent reported in 2006.
More specifically, 43 percent of respondents worldwide admitted to doing personal Internet shopping on their corporate PC, a small increase from 39 percent the previous year.
In the U.S., that figure is again far larger. Respondents admitting to shopping online with their employer’s PC rose to 62 percent in 2007, up from 46 percent the year before.
Other unsafe behavior included allowing non-employees to share an employer-owned PC. On a global basis, 21 percent of respondents admitted to the practice — up from 20 percent in 2006. Additionally, 12 percent worldwide said they helped themselves to a neighbor’s Wi-Fi connection, a 1 percent increase from the previous year.
The study also examined respondents’ motivation for engaging in behavior that potentially undermined the security of their PC and corporate network.
Twenty percent of the study’s respondents reported using their corporate PC for personal online shopping because of a lack of time — they’d never complete personal chores if they didn’t do them while “at work.”
Respondents also had an answer for why they shared their employer-owned PC with friends and family: 32 percent of those polled said they simply didn’t see anything wrong with the practice.
When it came to reasons why they “borrowed” their neighbor’s wireless Internet connectivity, some 22 percent of respondents claimed they couldn’t tell whether they were using someone else’s Wi-Fi or their own.
With so many users engaging in risky activities, it seems odd that believe security is actually improving. What’s behind such a disparity?
Patrick Gray, senior security strategist at Cisco, sees a decreasing sense among remote workers, ensuring that they fail to remain diligent.
“We haven’t seen major worms in a few years — things have changed with the bad guys going underground using more stealthy methods,” Gray told InternetNews.com. “With this reduction of gross attacks, we have a false sense of security among the user population.”
The recent Storm worm has not proven a wake-up call because it’s not of the same category as the Zotob, Blaster and Sasser worms of the past, Gray said. Those worms were harmful in that they shut down computers, so infection proved impossible to overlook.
“Storm is insidious in the fact that people don’t know they are being compromised,” he added.
Users also fail to understand the security implications of some of their behaviors, Gray said. For instance, remote workers may not know there are risks in just visiting a Web site, so they might not think much of using an employer’s PC for shopping or other personal activities.
In some cases, teleworkers will disconnect from their corporate VPN to shop online, then reconnecting afterward, Gray said. However, doing so could mean the user brings malware with them once they reconnect, endangering the corporate network.
Workers may not be wholly at fault for failing to understand how their actions could threaten network security. Instead, their companies’ IT administrators could bear some responsibility because they haven’t done an adequate job explaining the problem, according to John Stewart, Cisco’s chief security officer.
In a Webcast discussing the study’s findings, Stewart said IT professionals industry-wide still have a long way to go in explaining to employees why they should take caution in their activities, whether at home or in the office.
“We still haven’t done enough,” Stewart said. “The whole concept of ‘work versus home’ is completely disappearing in front of our eyes. We’ve got to remember we’re crossing the chasms of ‘work versus play’ and they’re becoming the same thing.”