Thursday, 21 February 2013

Two thirds of Irish employees would change online behaviour if their employer was watching

DataSolutions today announced the results of a survey which found that 66% of Irish employees would change their online behaviour if they were aware their employer was monitoring their online activity.

Other research highlights include the finding that 17% of those surveyed use the same password for work and personal use. 62% also confirmed they can access social media sites, such as Facebook and YouTube, in the workplace.

The research was commissioned by DataSolutions in conjunction with RSA, The Security Division of EMC, and was completed by the Marketing Development Programme, UCD Michael Smurfit Graduate Business School in January 2013. A total of 250 Irish office workers were interviewed in relation to their online behaviours and their knowledge of company security policies.

Respondents were also asked if they would give away their password for a Mars bar. 1 in 25 (4%) said they would give away their password for the chocolate bar. However, when the incentive was increased to a €20 “One 4 All” voucher the numbers willing to reveal their password quadrupled to 1 in 6 (16%).

Due to the abundance of smartphones and tablets and the explosion of BYOD (bring your own device) in the workplace, respondents were also asked if their employers have a policy in place for reporting lost or stolen personal devices that have access to the corporate network. Almost a third (32%) of those surveyed said they don’t know if any such policy is in operation in their workplace.

David Keating, security sales manager at DataSolutions, commented on the survey findings: “We decided to conduct this survey following the results received from a similar survey late last year, in which 278 Irish IT managers were interviewed. In that survey we found 80% of Irish IT professionals were more concerned about the actions of careless employees than hackers. Given these results, we wanted to see how Irish employees themselves viewed IT security and there are some interesting findings.

“With 17% of employees admitting to using the same password for work and personal activities, they are potentially exposing the company to a number of cyber threats. If we take, for example, the LinkedIn security attack in 2012, where 6.5 million passwords were compromised, the potential risk of using the same password for personal and work activities becomes clear. LinkedIn contains a lot of information on an individual’s place of work, company information and quite often provides their work email address. This could have been a catastrophe if even one of these passwords was used to access a company’s network by the wrong people.

“The large percentage of employees who would change their online behaviour if they knew their employer was monitoring them leads us to question what they are doing online. In the majority of cases we can assume it is something innocent such as accessing social networking sites. However, employees need to be aware of the potential IT security threats from their online activities and ensure they are not doing anything to compromise the integrity of the company’s network.

“In order to maintain the integrity of its information and data, organisations need to be educating employees around the importance of IT security and highlighting their responsibilities. It only takes one employee to accidentally or purposefully give away their password or misplace a mobile phone to compromise the entire company. This will have serious consequences for the organisation’s future survival.”

Jason Ward, Ireland Country Manager for EMC, which owns IT security company RSA, said, “The survey results point to an underdeveloped appreciation among Irish employees and employers of the importance of robust IT security practice, particularly given the vulnerability of organisations to new cyber threats that are persistent, dynamic and intelligent.

“Increasingly, the human firewall is being breached, with cyber criminals shifting their focus from technology to people, in an effort to infiltrate organisations through inadequate perimeter defence mechanisms. To raise awareness of this, we have created a 12-question Workplace Security Risk Calculator – at – which workers can use to assess how their everyday activities could be exposing their organisation to risk.

“Irish businesses need to defend themselves from attack through intelligence-driven information security, collecting reliable cyber security data and researching prospective cyber adversaries to better understand risk and learn about why and how attacks occur. Organisations need to develop new skills in the IT team to produce and analyse intelligence and identify normal and abnormal system and end-user behaviour in the IT environment.”

DataSolutions and UCD Smurfit School will present the results of these findings in more detail at the Secure Computing Forum on the 7th March 2013 in the Gibson Hotel, Dublin.