
Remote workers indulge in risky behavior 
24 February, 2008 By Vanessa Ho

Cisco has released the findings of a study that examined how remote workers around the world use work computing and communications devices away from the office, and how their security perceptions and online behavior heighten risks for companies, IT organizations and themselves personally.
"Remote access and the distributed workforce are here to stay," said Patrick Gray, senior security strategist with Cisco Systems. "It gives companies around the world competitive advantages, operational efficiency, opportunities for business growth and [telecommuting] benefits from the increased use of the Internet, but underneath all of that fabric there is a decreased sense of urgency [around IT security] among remote workers that is troubling."
The study surveyed more than 2,000 remote workers and IT professionals from various industries and company sizes in 10 countries that include the United States, United Kingdom, France, Germany, Italy, Japan and China.
According to the findings, 56 per cent of the remote workers surveyed were significantly more likely to agree that it is safer to connect to the Internet today than it was a year ago and agreed that working remotely does involve some security risk.
However, while the study noted that remote workers recognize there are risks involved with telecommuting, their behavior doesn't align with the recognition of risk, said Fred Kost, director of security solutions marketing with Cisco Systems.
He added that the risky behaviors remote workers engage in include opening e-mails and attachments from unknown or suspicious sources; using work computers and devices for personal use; allowing non-employees to borrow work computers and devices for personal use; hijacking wireless Internet connections from neighbors; and accessing work files with personal, non-IT-protected devices.
Some of the reasons respondents gave include: "I don't see anything wrong with it," "These [personal] devices are secure with antivirus and other content security software," "I regularly use these devices to access my network," "My IT department has said it's OK to do so" and "My company doesn't mind me doing so."
Remote workers across all of the countries agree that IT and managers should be responsible for keeping tabs on personal use of work computers.
Kost added that organizations should allow remote workers to use their devices for personal use, as it could lead to productivity gains and a morale boost, but they should also make sure that their workers understand the risks involved and make them aware of the corporate policies they have to adhere to.
In terms of hijacking a neighbor's wireless connection, respondents said that they did so because they were in a bind, that it was more convenient than using their own wireless connection and that it was okay to use it because their neighbors didn't know.
Other findings include that more than half (55 per cent) believed their remote workers were becoming less diligent toward security awareness, an 11 percentage point increase from the year before. This perception shift may be a result of the threat landscape's evolution from overt to covert attacks.
"It gives this false sense of security," said Gray.
Another finding is that remote workers felt less urgency to be vigilant in their online behavior. Kost said that there is less urgency because there is a technological perception that if a remote worker is not connected to their corporate network then they can go anywhere they want on the Internet and not infect their company's network.
"But you could be browsing sites that have malware on them and when you connect back you can then introduce that malware into the corporate network," said Kost.
In order to protect an increasingly distributed workforce, Kost stressed the importance of user education, so that users can understand what the risks mean and so that companies can enforce corporate policies for compliance issues as well.
"There are some technologies you can put in place to deal with some of these risks like having software on endpoints and looking at devices connecting to the network [but there needs to be] a balance between education and policy with some technology," said Kost.
Gray added that he believes that in the future remote workers will become more diligent.
"Organizations are getting better in understanding online threats today; it is getting that knowledge imparted on remote workers. We will get there pretty quickly this year," he said.