Understand human perceptions and behaviors

In times when working from home or SOHO concept is fast gaining popularity and acceptance, a grave concern is emerging wherein remote workers in spite of being aware of security issues are indulging in behavior that includes sharing work computers with non-employees, opening unknown emails, and hijacking neighbor’s wireless networks.

The global study reveals behavioral findings among mobile wireless workers that spotlight the human side of security as businesses and IT organizations empower more and more employees to remain connected outside of their offices.

It reveals findings gleaned from more than 700 mobile employees in seven countries that have adopted wireless technologies widely: the United States, United Kingdom, Germany, China, India, South Korea, and Singapore.

The survey also includes findings from IT decision makers to gauge the security investment need in light of workforce getting increasingly mobile.

An online survey was fielded to 1,420 wireless mobile workers and IT decision makers across 7 countries. The sample consisted of approximately 100 IT decision makers from US in North America, UK and Germany in Europe. The study also covered Korea, China, Singapore and India between May and June 2007.

Screening criteria

The global survey commissioned by Cisco had IT respondents who were required to have some influence on security policies and purchase decisions for IT-based wireless/security technologies. The respondents were wireless mobile worker respondents within 22 years of age, employed full time as a non-IT professional. They were also required to work with a laptop, smart phone, and/or Internet-enabled PDA provided by their company

Commenting on the global survey, Mahesh Gupta, business development manager, Cisco India & SAARC said that businesses are increasingly entrusting more and more employees with access to corporate information anywhere outside of the office, and this doesn’t need to be a growing concern – not if the proper security technology and IT-user engagement model is in place.

Detailed findings

Nearly two-thirds of respondents have signed a security agreement regarding internal data. The proportions across the countries did not vary significantly. Of those who have signed security agreements, more than two-thirds claim to always adhere to these agreements. This is primarily driven by respondents in the US (more than 8 in 10). Those in Korea and Singapore have the highest proportions of respondents who indicated they adhere to these agreements only some of the time.

Interestingly, more than four in 10 respondents who don’t always adhere to their security agreements said it is because they are too busy to consider policies. Overall, respondents are evenly split as far as receiving and not receiving IT training on security risks and controls. However, those in China and India are most likely to indicate their IT departments offer security training sessions

Slightly more than two in five respondents overall are sometimes concerned with security when using a wireless device to access their company’s network, while more than a quarter have little or no concern for security. Employees in Singapore and India are more likely to always have these concerns.

In total, the majority of all respondents who showed occasional or no security concern feel this way since they are only sending small files or e-mails on wireless devices, they are in a hurry, or they feel it’s IT’s job to be concerned with security. More than four out of the 10 total respondents said they do protect the data on their wireless devices at least some of the time, while almost two in 10 never protect the data. Two in three respondents who do not protect data on their wireless devices indicated that they do not know how to set up encryption or passwords.

Overall, the majority of respondents have not encountered any of the listed security issues in the past three months. Those in China and Korea are most likely to have borrowed another’s wireless connection either at home or remotely. They also are most likely to have lost their laptop PC or left it exposed in their car. Nearly two-thirds of respondents indicate that they never borrow someone else’s wireless connection. However, a third of respondents are borrowing connections at least sometimes.

For respondents who at least occasionally borrow a wireless connection, the primary reasons for doing so are because they don’t have another means of connecting to the Internet, their wireless connection is not working or it is just more convenient. While more than half of respondents would delete a suspicious e-mail without opening it more than a third would open the email and almost one in 10 would open attachments. Employees in China and India are the most likely to open the email and possibly the attachments.

IT Decision makers: detailed findings

Virus containment is the largest security incident among wireless devices in the past year. Both China and India have higher levels of unauthorized access to information and hardware theft.

In total about two in 10 respondents indicated that security incidents have increased on wireless mobile devices in the past year, and three in 10 respondents in India indicate an increase in the past year.

A third of respondents in both India and China feel that security incidents will increase in the next year. Respondents overall are evenly split among the levels of security that they use. Those in China and India are significantly more likely to use a VPN than Europeans.

Almost 60 per cent respondents in India indicated that they do not have a Wireless Intrusion Detection System.

In India, 47 per cent of the respondents indicated that all data is backed up at remote location and 70 per cent stated that their company encrypts both data transmission and data storage. In total, more than half agree that regulatory compliance initiatives are driving attention to wireless security. The countries where this is the biggest driver are Singapore, China and India.

In total, security spending to accommodate wireless and mobile connectivity next year is expected to increase by 20 per cent for the majority of respondents. 36 per cent of respondents in India predict the increase in security spending will be between 10-20 per cent.

The two main reasons for all countries including India for the increase in spending for lost devices are more mobile users and the company is growing/hiring more people. The majority of respondents in total are focusing education efforts equally between wired and wireless security. In India 41 per cent of respondents are focusing on wireless security while 42 per cent are focusing on both wired and wireless security.

Gupta said that in light of the indicative trends pointed by the survey, it is clear that along with increasingly remote and mobile workforces, IT must find a way to communicate security policies to their remote users and prevent unsafe behavior by communicating security best practices.

“Technology solutions alone cannot build a corporate security culture. As this research shows, understanding human perceptions and behaviors play critical roles in successfully building a security-conscious company. Without a commitment to proactive communication and education, IT organizations will fall short in their efforts to protect their business and employees,” Gupta said.

“IT needs to initiate open communication by building strong relationships with influencers and garnering the endorsement of upper management to communicate security policies to end users. As an education-based advisor, IT can take dramatic steps in driving the adoption of security policies, and in doing so, develop comprehensive corporate security cultures that protect business continuity,” he added.