One of the biggest threats to companies’ IT security is their employees. According to a survey by Micro Trends, employees are rather cavalier when weighing corporate security concerns against their own individual needs. Users
in the U.S., U.K., Japan and Germany were surveyed for the study.
Respondents showed more concern for their own privacy and security than for companies’. Among U.S. employees, 36 percent said that loss of personal information was their most important security concern at work, while 29 percent were concerned about the loss of corporate information.
Fifty percent of respondents said they had divulged company information through unsecured email.
Mobile workers are more liable to divulge employers’ information than office-bound ones. Sixty percent of mobile workers responded that they had sent out confidential company information via IM, email or social media, compared to only 44 percent of stationary workers.
Loss of corporate information and damage to corporate reputations were the smallest of respondents’ concerns.
In the U.S., 8 percent of employees overrode company security to visit restricted websites, lower than respondents in Western Europe but the same as those in Japan.
This lack of concern for organizational security reaches as far as the federal level. Federal agencies are put most at risk by employee use of Fire Transfer Protocol (FTP). This despite the fact that the House of Representatives passed the Secure Federal File Sharing Act, which prevents employees from using P2P sharing sites, in March.
If legislation – and a $7.9 billion investment in federal cybersecurity – can’t stop this at the federal level, what kind of steps can companies take, in your opinion?