February 08, 2008
Workers’ attitude on security can compromise company data and network
Beyond technology, IT managers should look at the human factor in network security risks.
Whoever said that artificial intelligence was no match for natural stupidity must have known something a lot of tech workers didn’t. A recent Cisco survey of 2,000 IT workers from 10 countries, including the United States, United Kingdom, France, Germany, Italy, Japan, China, India, Australia, and Brazil, reported that “remote workers feel less urgency to be vigilant in their online behavior.”
In spite of their perceived vulnerability to security attacks when accessing company networks from outside office premises, they believe that threats have softened in the past year. Related to the perceived softening of security risks, managers responded that remote employees were less concerned about their behavior online.
This behavior is not unique to remote or telecommuting workers who access company data from home. Offshore outsourced workers, who work within companies’ virtual environments through remote access to desktops and shared data, pose the same security risks.
It is somewhat surprising that, after the past lessons of the “ILOVEYOU” virus and malware attacks, tech workers still open emails and attachments from unknown sources. The country with the most violations is China, where a whopping 62% of those surveyed admitted to opening emails and attachments from suspicious or unknown senders.
Using company networks for personal purposes has also become a problem. Online shopping, logging in to social networking sites and downloading content were among the top ways employees misused company networks.
Even when entire departments are built to formulate network use policies and make sure that these policies are followed, there is no guarantee that remote workers will always be careful in handling data or will adhere to company security standards. “This research stresses the point that managing corporate security is part technology, part process, part awareness, education and communication,” according to John N. Stewart, Cisco’s chief security officer.
Technology departments can only do so much in protecting company data and networks. But beyond technology, workers’ attitudes towards network and information security form half of the problem that no technology can fully solve. A key aspect of network security lies in communication, training and follow-through of security policies. It is important for both outsourcers and vendors to educate their workers about the gravity of violating network security guidelines.
Geographic and corporate cultures both play a part in maintaining network security. An attitude among workers that does not support a company’s policies on network use cannot be remedied by any firewall. And sometimes, an attitude builds upon itself. If workers do not appreciate the reasons for stringent network security measures, IT managers should take extra steps to communicate the importance of the subject, educate workers about it, and maintain further precautions to prevent security breaches. Moreover, workers should be allowed to see the big picture and understand the nature of the company’s business. An understanding of the company’s business allows them to appreciate why network and data security should be taken seriously.



