Wave Systems Corp. (fka WAVXQ)

[Fullmoon]

Mobile workers are leaking your data

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115942&source=NLT_SEC&nlid=38

October 1, 2008 (Network World) Numerous behavioral risks taken by employees in increasingly distributed and remote locations can lead to the loss of corporate information, according to a study commissioned by Cisco Systems Inc.

Cisco, which is banking a large chunk of its growth on collaboration, says that as workforces become increasingly mobile, lines are blurring between work life and personal life. This could lead to risky or reckless use of company IT resources, resulting in leakage of sensitive data, the company says.

"Businesses are enabling employees to become increasingly collaborative and mobile," said John Stewart, Cisco's chief security officer, in a statement. "Without modern-day security technologies, policies, awareness and education, information is more vulnerable."

The study, conducted by InsightExpress LLC and commissioned by Cisco, is based on surveys of more than 2,000 employees and IT professionals in 10 countries. It is intended to examine security and data leakage implications for businesses as employee lifestyles and work environments are becoming increasingly untethered from a fixed location. It also identifies common data leakage mistakes and risk management opportunities among workforces around the world as this new workplace paradigm is increasingly adopted.

The study surveyed 1,000 employees and 1,000 IT professionals from various industries and company sizes in 10 countries: the U.S., the U.K., France, Germany, Italy, Japan, China, India, Australia and Brazil. The countries were chosen because they represent a diverse set of social and business cultures, established and emerging network-dependent economies, and varied levels of Internet adoption, Cisco says.

According to Cisco, these were the 10 most noteworthy behavioral findings:

1. Altering security settings on computers: One out of five employees altered security settings on work devices to bypass IT policy so they could access unauthorized Web sites. More than half said they simply wanted to access the site while one-third said, "it's no one's business" which sites they access.

2. Using unauthorized applications: Seven out of 10 IT professionals said employee access of unauthorized applications and Web sites ultimately resulted in as many as half of their companies' data loss incidents. This belief was most common in the U.S. (74%) and India (79%).

3. Having unauthorized network/facility access: In the past year, two out of five IT pros dealt with employees accessing unauthorized parts of a network or facility. Of those who reported this issue, two-thirds encountered multiple incidents in the past year and 14% encountered this issue monthly.

4. Sharing sensitive corporate information: One out of four employees admitted verbally sharing sensitive information with nonemployees, such as friends, family or even strangers. When asked why, some of the most common answers included, "I needed to bounce an idea off someone," "I needed to vent" and "I did not see anything wrong with it."

5. Sharing corporate devices: Almost half of the employees surveyed share work devices with others, such as nonemployees, without supervision.

6. Blurring of work and personal devices and communications: Almost two out of three employees admitted using work computers daily for personal use. Activities included music downloads, shopping, banking, blogging and participating in chat groups. Half of the employees use personal e-mail to reach customers and colleagues, but only 40% said this is authorized by IT.

7. Leaving devices unprotected: At least one in three employees leave computers logged on and unlocked when they're away from their desk. These employees also tend to leave laptops on their desks overnight, sometimes without logging off, creating potential theft incidents and access to corporate and personal data.

8. Storing log-ins and passwords: One in five employees store system log-ins and passwords on their computer or write them down and leave them on their desk, in unlocked cabinets or pasted on their computers. In China, 28% of employees reported storing log-ins and passwords to personal financial accounts on their work devices.

9. Losing portable storage devices: Almost one in four employees carry corporate data on portable storage devices outside of the office.

10. Allowing "tailgating" and unsupervised roaming: More than one in five German employees allow nonemployees to roam around offices unsupervised. The study average was 13%, and 18% have allowed unknown individuals to tailgate behind employees into corporate facilities.

Cisco says these findings can help companies sculpt global risk management plans. To prevent data loss, the company recommends practices such as these for preventing data loss:

• Establish security awareness, education and training.

• Know how/where data is stored, accessed and used.

• Protect data as if it were money. Educate employees about how data protection equates to money earned and data loss equates to money lost.

• Institutionalize standards for safe conduct by determining global policy objectives and creating localized education tailored to a country's culture and threat landscape.

• Foster a culture of trust between employees and IT.

The study's release comes shortly after a Cisco executive noted the security vulnerabilities of virtualization and cloud computing during an industry trade show keynote address. Cisco is also relying heavily on these market trends for its future growt