Cisco Study Reveals Need For Diligence Among Remote Workers

Feb 5, 2008 3:12 PM

           

Cisco has announced key findings from its annual global study on remote workers' security awareness and online behavior, indicating how they can inadvertently heighten risks for themselves and the companies they work for. The study's findings are prompting Cisco security executives to offer recommendations to IT professionals on how to protect their companies against threats and maximize the business benefits of distributed and mobile workforces.

Conducted by InsightExpress, a U.S.-based market research firm, the study involves surveys of more than 2,000 remote workers and IT professionals from various industries and company sizes in 10 countries: the United States, United Kingdom, France, Germany, Italy, Japan, China, India, Australia and Brazil. The 10 countries were chosen because they represent a diverse set of social and business cultures, stable and emerging network-dependent economies and varied lengths of Internet adoption.

The study's significance takes on growing importance as the number of remote workers increases worldwide. According to a 2007 Gartner report, "The worldwide corporate teleworking population of individuals that spend at least one day a month teleworking from home is expected to show a compound annual growth rate (CAGR) of 4.3 percent between 2007 and 2011. In the same period, the worldwide corporate teleworking population of individuals that spend at least one day a week teleworking from home is expected to show a CAGR of 4.4 percent. This population will likely reach 46.6 million by the end of 2011."

"Remote access and distributed workforces are here to stay. They provide competitive advantages and greater operational efficiency," says John N. Stewart, Cisco's chief security officer. "Businesses have the opportunity to benefit from productivity increases while preventing security risks from undermining them. This study provides intelligence and recommendations for understanding and minimizing risks as businesses allow employees to branch out beyond the traditional office. It explores their remote workers' psyche and provides valuable information about their approach to security."

One key finding is that remote workers feel less urgency to be vigilant in their online behavior. Although the majority believes they are more vulnerable outside the office than in, their perceptions of security threats are softening. In just one year, the number of remote workers who believe the Internet is safer increased 8 percent, from just under half (48 percent) to more than half (56 percent). This trend is especially prevalent in Brazil (71 percent), India (68 percent) and China (64 percent), three of the world's fastest-growing economies whose workforces are depending more and more on the Internet and corporate networks.

According to the study, IT respondents believe their remote employees are becoming less disciplined in their online behavior: More than half (55 percent) believe their remote workers are becoming less diligent toward security awareness, an 11 percentage point increase from the year before. This perception shift may be a result of the threat landscape's evolution from overt to covert attacks. According to the Computer Security Institute's 2007 computer crime and security report, the number of financially motivated attacks surpassed traditional malware attacks (including viruses, worms and spyware), and for the first time in the survey's 12-year history, the average annual loss from fraudulent attacks surpassed damages from malware. Although today's threats are more dangerous because they sabotage personal identities in addition to corporate intelligence, their invisible nature creates a false sense of comfort among employees that can result in a loss of discipline around online behavior, particularly when they work remotely.

"While working at home, people tend to let their guard down more than they do at the office, so adhering to security policies doesn't always intuitively seem applicable or as necessary in the private confines of one's home," Stewart says. "The blurring of the lines between work and home, and between business lives and personal lives, presents a growing challenge for businesses seeking to capitalize on the productivity benefits of the remote workforce."

Some of the key findings and reasons for risky behavior in year two include:

-- Opening e-mails and attachments from unknown or suspicious sources: Although it is one of the age-old security risks, many remote workers admit that they still open suspicious e-mails and attachments despite the potential for triggering malware attacks. China (62 percent) is the most egregious offender. But arguably more disturbing is a growing trend in entrenched Internet-adopter countries like the United Kingdom (48 percent), Japan (42 percent), Australia (34 percent) and the United States (27 percent). For example, in Japan, 14 percent admit they open both an unknown or suspicious e-mail and any attachments.

-- Using work computers and devices for personal use: A 3 percentage-point increase year-over-year shows that more remote workers use corporate devices for personal use, such as Internet shopping, downloading music and visiting social networking sites. This trend occurs in eight of the 10 countries, and the highest year-to-year spike occurs in France (27 percent to 50 percent). In Brazil, this trend rose 16 percentage points despite an increasing number of respondents agreeing that this was unacceptable behavior (37 percent to 52 percent year-over-year).
Reasons Offered: "My company doesn't mind me doing so," "I'm alone and have spare time," "My boss isn't around," "My IT department will support me if something goes wrong."

-- Allowing non-employees to borrow work computers and devices for personal use: As employees work more from home, the likelihood increases that they will share corporate devices with non-employees (e.g. family, roommates) who are not educated by IT or held to a company's security policies. This trend is increasing. While China features the highest rate of "device sharing" for the year (39 percent), the United Kingdom (from 7 percent in 2006 to 22 percent in 2007) and France (from 15 percent to 26 percent) reveal steep year-over-year increases.
Reasons Offered: "I don't see anything wrong with it," "My company doesn't mind me doing so," "I don't think it increases security risks," "Co-workers do it."

-- Hijacking wireless Internet connections from neighbors: Globally, 12 percent of remote workers admit to accessing a neighbor's wireless connection, with threefold year-to-year increases in Japan (6 percent to 18 percent) and France's 10 percent year-to-year rise (5 percent to 15 percent) representing the fastest-growing rates. China (from 19 percent in 2006 to 26 percent in 2007) and the United Kingdom (from 6 percent to 11 percent) also feature significant increases.
Reasons Offered: "I needed it because I was in a bind," "It's more convenient than using my wireless connection," "I can't tell if I'm using my own or my neighbor's wireless connection," "My neighbor doesn't know, so it's OK."

-- Accessing work files with personal, non-IT-protected devices: Accessing corporate networks and files with devices that are not protected by an employee's IT team presents security risks to the company, its information and its employees. As the number of remote workers grows, the study reveals an annual rise (45 percent in 2006 to 49 percent in 2007) in this behavior. It's widespread in many countries, especially China (76 percent), the United States (55 percent), Brazil (52 percent) and France (48 percent).
Reasons Offered: "These devices are secure with antivirus and other content security software," "I regularly use these devices to access my network," "My IT department has said it's OK to do so."

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

SUBSCRIBE

Select an Issue April 1, 2008 March 1, 2008 February 1, 2008 January 1, 2008 December 1, 2007 November 1, 2007 October 1, 2007 September 1, 2007 August 1, 2007 July 1, 2007 June 1, 2007 IP Security Supplement May 1, 2007 April 1, 2007 March 1, 2007 February 1, 2007 January 1, 2007 School Security December 1, 2006 November 1, 2006 October 1, 2006 September 1, 2006 August 1, 2006 July 1, 2006 June 1, 2006 May 1, 2006 April 1, 2006 March 1, 2006 February 1, 2006 January 1, 2006 December 1, 2005 November 1, 2005 October 1, 2005 September 1, 2005 August 1, 2005 July 1, 2005 June 1, 2005 May 1, 2005 April 1, 2005 March 1, 2005 February 1, 2005 January 1, 2005 December 1, 2004 November 1, 2004 October 1, 2004 September 1, 2004 August 1, 2004 July 1, 2004 July 1, 2004 June 1, 2004 May 1, 2004 April 1, 2004 March 1, 2004 February 1, 2004 January 1, 2004 December 1, 2003 November 1, 2003 October 1, 2003 September 1, 2003 August 1, 2003 July 1, 2003 June 1, 2003 May 1, 2003 April 1, 2003 March 1, 2003 February 1, 2003 January 1, 2003 December 1, 2002 November 1, 2002 October 1, 2002 September 1, 2002 August 1, 2002 July 1, 2002 June 1, 2002 May 1, 2002 April 1, 2002 March 1, 2002 February 1, 2002 January 1, 2002 December 1, 2001 November 1, 2001 October 1, 2001 September 1, 2001 August 1, 2001 July 1, 2001 June 1, 2001 May 1, 2001 April 1, 2001 March 1, 2001 February 1, 2001 January 1, 2001 December 1, 2000 November 1, 2000 October 1, 2000 September 1, 2000 August 1, 2000 July 1, 2000 June 1, 2000 May 1, 2000 April 1, 2000 March 1, 2000 February 1, 2000 January 1, 2000 December 1, 1999 November 1, 1999 October 1, 1999 September 1, 1999 August 1, 1999 July 1, 1999 June 1, 1999 May 1, 1999 April 1, 1999 March 1, 1999 February 1, 1999 January 1, 1999 December 1, 1998 November 1, 1998 October 1, 1998 September 1, 1998 August 1, 1998 July 1, 1998 June 1, 1998 May 1, 1998 April 1, 1998 March 1, 1998 February 1, 1998 January 1, 1998 December 1, 1997 November 1, 1997 October 1, 1997 September 1, 1997 August 1, 1997 July 1, 1997 June 1, 1997 May 1, 1997 April 1, 1997 March 1, 1997 February 1, 1997 January 1, 1997

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue