Remote workers, a ticking time bomb

Remote workers are wreaking havoc on their networks. A recent study commissioned by Cisco found that teleworkers are putting security at risk.

Remote workers around the globe are engaging in risky network behavior, despite being aware of the security problems such actions could pose. This is according to a new study released by Cisco and Insight Express, an independent surveyor.

The study, which polled 1,000 remote workers in 10 countries, found that teleworkers frequently hijack neighbors' wireless networks, share computers with non-employees and open email from unknown sources.

The results are a concern, said Bruce Murphy, Cisco's vice president of advanced services, because the number of remote workers is on the rise. And as that number rises, so does the potential for risks.

Confirming Murphy's concern is a recent survey conducted by Yoh, a talent and outsourcing services provider, which found that more and more companies are allowing employees to work remotely.

According to the Yoh survey, which polled nearly 200 human resources managers, 81% of hiring managers have policies in place that allow employees to work remotely. Of the managers surveyed, 25% said they have policies in place letting employees work from home, while 13% said employees can work in a satellite office. Nineteen percent said they have no teleworking options, while 44% said they have remote working options other than at home and satellite offices.

The Yoh study also found that 67% of hiring managers believe the number of remote employees will increase in the next two years. When asked about the likelihood of more telecommuters in two years, 44% responded it is likely, while 23% said it was somewhat likely.

While many of the end-users in the Cisco survey admitted they are cognizant of the security risks tied to their behavior, a large number admitted they don't always follow the secure path. For the purposes of the survey, remote worker respondents had to be at least 22 years old; employed full or part time; work with a company-issued desktop, notebook, PDA or smartphone; and connect to their company's network from a remote location at least a few times per year.

"Peoples' actions speak louder than their words," Murphy said. Overall, he said, the survey found that the perceptions and behaviors of remote workers can heighten the security risks for IT shops.

Two out of three teleworkers surveyed -- 66% globally and 68% in the U.S. -- said they are well aware of security concerns while working at home, in a café or on the road in a hotel. Still, globally 29% said they use their work computers for personal use, while a disproportionate 40% said they purchase personal items using their work computers. In the U.S., 30% of remote workers said they use their computers for personal matters, while 46% said they buy personal items using work computers.

According to the survey, 21% of remote workers surveyed globally allow friends, family members and other non-employees to use their work computer for Internet access. The U.S. falls a little short of the norm with 19% of users allowing others to use their work devices, while China had the highest number with 42%.

End users also provided somewhat comical reasons for allowing others to use their computers, such as "I don't see anything wrong with it" or "My company doesn't mind me doing so" and "Co-workers do it."

When it comes to hijacking a neighbor's wireless Internet access, 11% of global respondents and 12% of U.S. respondents said they've done it and provided reasons like "I needed it because I was in a bind" or I can't tell if I'm using my own or someone else's wireless Internet connection" or "My neighbor doesn't know, so it's OK" and "It's more convenient than using my wired connection."

From an IT perspective, one of the most startling finds, Murphy said, is that one out of every four remote workers surveyed -- 25% globally -- said they open unknown email on work devices. The U.S. was on par with the rest of the world; 24% of end users said they open email from unknown sources while working remotely. Additionally, 6% of U.S. end users surveyed said they open email and attachments from unknown sources, while 54% said they leave the email unopened and either delete it immediately or notify IT.

Jeff Platon, Cisco's vice president of Security Solutions Marketing said unsafe behavior by remote workers poses a significant risk for IT.

"To highlight the U.S. example, the unsafe behavior of 11 remote workers in a company of 100 can bring down a network or compromise corporate information and personal identities," he said. "It only takes one security breach. For large enterprises with tens of thousands of workers, especially those with global workforces and differing business cultures, the potential risk is even more challenging."

Murphy said the survey's results illustrate an opportunity for network managers and security officers to join forces to become more proactive in protecting their businesses and reshaping their role in the eyes of end users.

"Become more proactive and make [end users] aware of what their behavior can do," he said. "Communicate in a constructive and meaningful way. There is a lot of gray and a lot of nuance in these different areas, but it all ties back to education. The challenge becomes understanding."

Platon agreed. "IT must play a more strategic role, and to do that they need to develop stronger relationships with users to prevent threats from sabotaging efficiency and personal identities," he said. "This study illustrates a golden opportunity for IT to elevate its role from a reactive, back-office function. IT has the opportunity to be progressive -- to maintain a steady dialogue with users, to implement educational programs tailored to different business cultures and user groups, and to weave security best practices into corporate cultures. Driving this cultural change can help maximize the value -- and safety -- of teleworking, especially at a time when businesses are becoming extremely mobile."


Read more on IT for small and medium-sized enterprises (SME)