1. Page 1 of 3
Survey: Computer Users Remain Risk Takers
By Lawrence M. Walsh, CMP Channel
9:37 AM EDT Mon. Oct. 09, 2006
Globally, two-thirds of employees are cognizant of security risks when working remotely on company machines. That's the
good news. Of course, the converse is that one-third connect blindly to the Internet, in spite of hacking, theft and malware
According to quot;Perceptions and Behaviors of Remote Workers & Security Considerations for IT Organizations,quot; a study by
Cisco Systems and Insight Express, end users are aware of security concerns, but often act contrary to best practices for
protecting themselves, their machines, corporate networks or their data.
The online survey, conducted this past summer, queried more than 1,000 remote workers in 10 countries from every region
of the globe. Users in China (78 percent), Australia (75 percent) and the United Kingdom (72 percent) reported the greatest
level of security awareness. India (52 percent) and Japan (59 percent) posted the lowest awareness level. The United
States was slightly above average, with a 68 percent awareness rate.
The security awareness rates are really not too surprising, since surveys during the past several years have shown similar
results. However, the Cisco/InsightExpress study reveals the often contradictory actions of end users who unnecessarily
expose them and their work computers to security threats.
For instance, less than one-third said they use work computers for personal use. However, roughly half went on to say they
use work computers for personal online purchases. Again, nearly half (46 percent) said they download personal files to
their work machines and download business files to their personal computers (often unprotected to the same degree as a
business machine). The chief reasons for using a work computer for personal use: quot;I'm alone and have spare timequot; and
quot;My company doesn't mind.quot;
One in five will allow someone else to use their work computer to access the Internet, with the worst offenders in China (42
percent), Italy (31 percent) and Brazil (27 percent). Although the survey administrators didn't ask the reason for sharing
work computers, they speculate that a low deployment of personal computers in these countries forces many to use their
friends' and their own work machines for personal use. When asked why they allow others to use their work machines, the
overwhelming majority said they didn't see anything wrong with it or that their company doesn't mind.
A little better than one in 10 are accessing open wireless access points (their neighbors' or a business') to connect to the
Internet. Most said they would hijack a connection because they were in a bind and needed to get online. But a large
number said they either can't tell when they're accessing their own or someone else's access point, or setting up a wireless
network is too difficult.
The survey shows risky usage practices, but it appears that most users understand the danger of opening unknown e-mail
attachments. Only 25 percent said they open unknown e-mail and attachments on their work computers; the best
awareness rate was posted by Japan (14 percent), Brazil, France and Italy (15 percent each), and Australia (16 percent).
The United States came in just below the global average with 24 percent. The worst offender: China (57 percent).
The good news on unknown e-mail stops there. Survey respondents are often befuddled by what to do when they do
2. Page 2 of 3
receive an unknown e-mail. Only one-third said they would delete it immediately without opening it. Thirty-eight percent
said they would open the e-mail but would not open any attachments; although this sounds safe, it could still expose the
machine to self-activating malware. Six percent said they would open the e-mail and any attachments.
While the survey shows a majority of corporate remote users around the world are acting safely on work computers, a large
number continue to expose themselves, their machines and company data to threats. Cisco plans to follow up with another
survey to probe deeper into the reasons behind some of these risky behaviors. The immediate takeaway is that companies
must do more to raise user security awareness and change risky computing habits.
NEXT: Key survey results
The following are key results from the Cisco Systems/InsightExpress quot;Perceptions and Behaviors of Remote Workers &
Security Considerations for IT Organizationsquot; survey.
Are you aware of security risks when using your work computer?
France: 65% Brazil: 65%
Do you use your work computer for personal use?
Italy : 30%
Do you open unknown e-mails with your work computer?
Do you allow others to use your work computer?
3. Page 3 of 3
Do you access your neighbor's wireless access point?
Do you download personal files to your work computer?
Do you download business files to your personal computer?
Copyright 2006 CMP Media LLC.