SAN JOSE, Ca. – Cisco has released its second study of remote workers and their online behavior. The results revealed that many workers have a disconcerting perception of IT’s role that may jeopardize corporate and personal security.
The study includes responses more than 1,000 remote workers and 1,000 IT decision makers in 10 countries including the United States, United Kingdom, France, Germany, Italy, Japan, China, India, Australia and Brazil. The study was conducted over the summer by an independent third party market research firm, the Connecticut-based InsightExpress, and it builds on another study issued in October around the contradictions in remote workers’ security awareness and actual behavior.
The new study used remote workers’ risky behavior as a backdrop and surveyed their perceptions of IT’s role in protecting them. In turn, IT professionals were surveyed on what they believed their users perceived their role to be.
The study’s results are eye-opening. In six out of the 10 countries, including the United States, more remote workers felt their managers had the authority to control their behavior than IT organizations.
The survey found that American users have a sense of individualism and a strong desire for privacy that can lead to them resisting what they perceive as IT’s encroachment into their private lives – when they are out of the office at home, at a cafe, or in a hotel on business.
All the remote workers surveyed were non-IT professionals, meaning that managers in sales, marketing, accounting, H.R., customer support, operations and other lines of business were perceived to rival or eclipse IT’s authority in managing users’ online behavior.
Aside from managers and IT, 13 per cent of all remote workers felt no one should control their use of corporate devices. 14 per cent of remote workers from the US felt this way.
According to the survey, one of the biggest challenges that chief information officers face is reaffirming IT’s role to end users. 53 per cent of the CIO’s said that their users did not think IT had the right to know how corporate devices were utilized.
Neil Wu Becker, a Cisco spokesperson and project manager of the global research effort, said that an organization’s CIO and CSO should work closely together and form a united front that can engage and secure upper management’s buy-in to driving a security-savvy corporate culture. This means engaging the CEO and their immediate reports.
“Although IT has the mandate to ensure and protect networked operations, they need to develop a collaborative approach with executives, managers, and end users, and starting with the CEO will provide the leadership and authority needed to drive security best practices throughout the company,” Becker said.
As the announcement showed, many mobile workers around the world look at their managers as having more sway over their out-of-office behavior than IT.
“Although the perceived roles of IT and line-of-business managers may be mixed, IT should secure managers’ support in addition to exec teams to communicate best practices and stress the responsibility every employee has in protecting the company, and in turn, themselves,” he said.
There are several steps that companies can take to reduce risky behaviour by employees including adopting a proactive approach that relies on ongoing education, training, and engagement with a user base to ensure they understand and adopt security best practices — especially as users become increasingly mobile and distributed.
“Naturally, developing such a proactive “relationship” will reshape IT’s image from a reactive, back-office cost center to a trusted security adviser that positively impacts operational efficiency by preventing threats from becoming widespread problems.” Becker said.
This will help IT organizations maximize ROI on their security technology investments; for example, marrying technology and interpersonal engagement and not relying on technology alone. This will also help to establish a security-conscious corporate ciulture.
Becker also suggested recognizing and rewarding “security champions” as well as setting good examples for protecting the company.
This column was written by Andrew Horan of eChannelLine USA
