
Nearly eight out of 10 public sector employees ignore
information security policies and indulge in insecure behaviour,
according to a survey of IT and information security managers in
1,000 large and medium firms in the public sector, finance, law,
manufacturing and media sectors.
The research, conducted by
SafeBoot, a supplier of mobile data encryption technology, was
done before a spate of revelations of data leakage headed by the
HMRC's loss in the post of personal and banking details of 25
million child benefit recipients.
Overall, the research showed 59% of firms spent less than 10% of
their IT budgets on security, even though 82% (88% of public sector
firms) had a security policy. Most firms communicated the policy
using memos (34%) and e-mail (29%).
Some 54% of respondents said at least half of their employees
ignored the firm's security policy. But this rose to 79% for public
sector staff.
Staff who ignore the policy (39%) do so because they do not take
it seriously. One in five is ignorant of the threat posed by data
leakage; however, this rises to 51% for public sector staff.
Public sector staff scored worse than private sector staff in
nearly every category of unsafe behaviour. Nearly nine of 10 would
open unknown e-mails compared with seven out of 10 on average.
Three-quarters would connect an external device such as an iPod or
digital camera to their work PCs, and 71% would download company
data. Nearly six of ten used unencrypted USB memory devices, and
35% transported data unencrypted on mobile devices.
Survey results
In your opinion what percentage of employees ignore your
security policy?
% Response          Overall  Finance  Public Sector  Legal  Manufacturing  Media
10 - 25 per cent         19       37              3     44              5      6
25 - 50 per cent         27       14             18     32             32     39
50 - 75 per cent         38       32             56     18             48     36
75 - 100 per cent        16       17             23      6             15     19