Employees know better, but still behave badly

Four out of five employees admitted to engaging in some risky behaviors while at work, even though they were aware of cyber-security dangers, according to a new global survey.

The risky behaviors included viewing adult content on work devices, opening emails from unknown senders, downloading apps from outside the official app stores, installing new applications without IT approval, using social media for personal reasons, or using their personal mobile devices for work.

In a survey of 1,580 respondents, only 20 percent said they've never engaged in these behaviors, according to a new study from UK-based technology market research firm Vanson Bourne.

"We're not seeing any changes in the way the average person makes risk choices," said Hugh Thompson, CTO at Blue Coat Systems, a cloud computing security vendor and the company that sponsored the study. "I don't think we'll be able to educate our way out of this problem."

Ironically, employees working in the IT sector were among the worst offenders, with only 12 percent saying that they had not engaged in any of these risky behaviors, second only to charity and non-profit employees, at 5 percent.

Meanwhile, IT employees had above-average scores for being aware of the risks of these behaviors.

The highest level of awareness, overall, had to do with opening attachments from unknown sources and viewing adult content on work devices. On average, 73 percent of respondents rated each of these behaviors as risky or seriously risky.

Only 2 percent said that opening attachments from unknown senders posed no risks, and only 3 percent said the same about adult content.

However, 20 percent admitted to opening those attachments, and 6 percent to viewing adult content at work.

In other results, 65 percent of respondents knew that using unsanctioned applications was risky or seriously risky, 62 percent said the same for downloading apps from third-party app stores, 55 percent for clicking on video links on social media sites, 46 percent for using social media for personal reasons at work, and 40 percent for using personal mobile devices for work.

However, 26 percent installed unsanctioned applications, 23 percent downloaded risky apps, 31 percent clicked on video links, 41 percent used social media, and 51 percent used personal devices at work.

"I think that in my heart, I have a fundamental belief in education," said Thompson. "That when people know, they'll change behavior. It's weird to see how people approach risks. There's a massive amount of recidivism despite education."

Thompson suggested that companies put mechanisms in place to remind employees of the risks, or to mitigate the risks if behaviors still happen.

"We have to get pretty good in the security industry and the technology industry at creating compensating controls for protecting people behind the scenes," he said.

He also suggested that companies look for creative ways to signal that a particular behavior is risky.

"This is a rich area of research for the security space," he said.


Stories by Maria Korolov
