Many enterprises are potentially jeopardising corporate IT security by failing properly to control the "risky online behaviour" of remote workers, new research has claimed.
The second international study of remote workers and their online behaviour, conducted by Cisco Systems, found that many corporate IT departments have little or no control over the internet use of remote workers.
Cisco's latest study included responses from more than 1,000 remote workers and 1,000 IT decision makers in the US, UK, France, Germany, Italy, Japan, China, India, Australia and Brazil.
Conducted this summer by an independent market research firm, the responses are "eye-opening", according to Cisco.
In six of the 10 countries. including the US, the majority of remote workers believed that their general managers had more authority to control their behaviour than the IT department.
And in France, more remote workers (38 percent) said that it was no one's business than those (33 percent) who felt IT had such a right.
More remote workers in Australia, Brazil, China and the UK viewed their general managers as having more authority than IT.
India, Italy, Japan and Germany were the exceptions, but one-third of the remote workers in Japan and Germany placed the responsibility on their managers, regardless of whether they felt IT had such a right.
All remote workers surveyed were non-IT professionals, meaning that managers in sales, marketing, accounting, HR, customer support, operations and other lines of business were perceived to rival or exceed IT's authority in managing remote users' online behaviour.
Aside from managers and IT, 13 percent of all remote workers felt that no one should control their use of corporate devices.
France featured the most remote workers who felt this way (38 per cent) but more than one-third of the respondents in Italy echoed this sentiment.
Those in Japan (22 percent), the US (14 percent) and Australia (14 percent) also exceeded the global average.
"These results highlight the influence that social and business cultures have on perceptions and behaviour," said Jeff Platon, vice president of security solutions marketing at Cisco.
"For example, in Germany, 71 percent agreed that IT should police their behaviour, but one-third also felt that managers shared that responsibility.
"And one in every four felt that co-workers played a role too. Many German respondents felt that the entire corporate population is accountable for information security."
John Stewart, chief security officer at Cisco, said: "IT understands that employees are aware of security issues but are frequently unaware that their behaviour is risky."
Such behaviour included hijacking a neighbour's wireless network, opening suspicious emails, accessing corporate files with personal devices, and sharing work computers with non-employees.
"The contradiction between remote workers' awareness and behaviour, the reasoning behind their actions and their perception of IT, provide enough motivation for CIOs and CSOs to re-establish their position as a trusted security adviser within their organisations," said Stewart.
"This research clearly indicates that security is everyone's responsibility. IT has an opportunity, and an obligation, to evolve its image and take a leadership role in making the connection between security risks and workers' actions."
IT departments losing control of remote workers
By Robert Jaques on Nov 7, 2006 11:38AM