The blurring of work and life boundaries creates gaps through which valuable corporate data leaks, network supplier Cisco has warned.
A survey of 2,000 businesses and IT professionals in 10 countries, blamed the way people use mobile phones, laptops, Web 2.0 applications, video and other social media for leaving holes in the defensive perimeter that surrounds corporate data.
Businesses want staff to work away from the office for longer, said Chris Burgess, Cisco's senior security advisor.
"That leaves people with very little time to themselves, so they have to do their personal stuff whenever they can. That means they trade-off security for necessity and blur the lines between the tools and the time they use for business and after-hours activities," he said.
Burgess said people behave differently in different countries. Although the threats are common in all countries, different dangers prevail in different regions. "Global firms need to be aware of the cultural differences when they design their security policies," he said. "It is definitely a case of think global, act local."
The most common risks:
• Use of unauthorised applications such as social network sites, music downloads and online shops. These made up half of all data loss incidents.
• Unauthorised access to parts of the network or facility. This was worst in China (66%).
• Changing the security settings on computers, usually to get into unauthorised websites. A third of people surveyed said it was no one's business which sites they accessed.
• Sharing sensitive corporate information with non-work people, mainly to bounce ideas off them or to vent frustrations.
• Nearly half of people shared their corporate devices with others without supervision.
• Nearly 66% admitted using work PCs and communications devices daily for personal use such as e-mailing friends, music downloads, shopping, banking, blogging, and participating in chat groups.
• One in three staff leave their desktop and laptop computers logged on and unlocked when they are away from their desk.
• One in five stores their system log-ins and passwords on their computer or writes them down and leaves them on their desk, in unlocked cabinets, or pasted on their computers.
• Some 22% take corporate data outside the office on portable storage devices.
• One in five firms allow outsiders to roam offices unescorted.
Preventative measures include:
• Knowing how, when and where your data is collected, stored, accessed, and used.
• Persuade people to treat data as if it is their own money.
• A security policy that will encourage good behaviour by default.
• Consistency, so that people trust the system and each other
• Training and education of staff and business partners in secure behaviour.
"Data protection requires teamwork across the company. It is not just an IT job any more," Burgess said.
The study surveyed 1,000 employees and 1,000 IT professionals from various industries and company sizes in 10 countries: the US, UK, France, Germany, Italy, Japan, China, India, Australia, and Brazil. The countries represent a diverse set of social and business cultures, established and emerging network-dependent economies and varied levels of internet adoption.