FutureShield: 7 security rules employees love to break

NEWS

Mar 12, 2008 - B.C. Hydro puts threat risk assessment software to the test

Mar 12 2008 - Digital Facility Mapping is Changing Emergency Evacuation and Management

Dec 7 2007 - 7 Security Rules Employees Love to Break

FEATURE ARTICLE

Mar 11 2008 - IronKey vs Bobcat: IronKey Durability Test. In this YouTube video, an IronKey survives being run over by a Bobcat tractor. Watch it now.

Numbers: 7 Security Rules Employees Love to Break

New study shows that many users are taking risks with data security, either because good policies don’t exist or aren’t enforced

By Katherine Walsh

New research from the Ponemon Institute finds that either companies are not setting, or employees are not following, data security procedures in several high-risk areas. “Data Security Policies Are Not Enforced,” a survey of 893 corporate IT workers, examined the risks associated with storing and transporting sensitive information and looked at how well companies are implementing and enforcing policies to protect against this risk. Below are seven areas where employees are breaking the most rules or being most careless.

1. Copying confidential information onto a USB memory stick: Eighty-seven percent of respondents believe their company’s policy forbids it, yet 51 percent say they do it anyway.

2. Accessing web-based e-mail accounts from a workplace computer: Forty-five percent of those surveyed use webmail at work; 74 percent say there is no stated policy that forbids it.

3. Losing a portable data-bearing device: Thirty-nine percent of respondents say they have lost or misplaced such a device, and 72 percent of them did not report the lost device immediately.

4. Downloading personal software onto a company computer: Sixty percent of respondents say there is no stated policy that forbids downloading personal software, a practice that 45 percent of respondents admit to.

5. Sending workplace documents as an attachment in e-mail: Thirty-three percent of respondents send work documents as attachments, and 48 percent aren’t even sure whether or not that violates policy.

6. Disabling security and firewall settings: Eighty percent of those surveyed don’t know whether disabling security is against policy; 17 percent of respondents do it.

7. Sharing passwords with co-workers: Sixty-seven percent say the company’s policy forbids sharing passwords, but 46 percent of them do it anyway.