US government and corporate workers have said in a
survey that they engage in behaviour that puts the sensitive
information of their organisations at risk.
An
RSA "person-on-the-street" survey has revealed that the actions
of well-meaning corporate and government employees are putting data
at risk, and highlights the need to closely manage information
risk, said RSA.
The survey polled an unspecified number of government and
corporate office workers in Boston and Washington DC on their
work-related security behaviours and attitudes.
The results provide a snapshot of the
everyday actions of trusted insiders who have access to
sensitive data, such as customer information, social security
numbers, credit card data, company financials and intellectual
property.
The survey results indicate that trusted insiders may work
around unmanageable security policies in order to get their work
done.
For instance, employees who do not have remote access may e-mail
a document to their personal email address so they may work on it
later from home - an action that violates most organisations'
stated security policy.
The survey found that 35% of respondents have felt the need to
work around their organisation's established security policies and
procedures just to get their job done.
In addition, 63% frequently or sometimes send work documents to
their personal e-mail address so that they can access them from
home.
The results also show that employees depend on
remote access to corporate information while on the road,
waiting at airports or working in coffee shops.
The survey revealed that 87% frequently or sometimes conducted
business remotely over a virtual private network or web mail, and
56% frequently or sometimes accessed their work email via a public
wireless hotspot.
The survey showed that 65% frequently or sometimes leave their
workplace carrying a mobile device such as a laptop, smartphone or
USB flash drive that holds sensitive information related to their
jobs.
But 8% admitted they had lost such a device with
corporate/organisational information on it.
The full survey with further security black holes that firms
must fill with better security is available on the RSA website.