Concerns About Colleagues’ Security Bug CIOs

The average IT manager is more concerned about what their colleagues get up to in the estimated 1.5 hours per day they spend engaged in personal activities on the Internet than about direct attacks from hackers, phishers, and other external threats.

More than half the IT managers surveyed in a recent study by StollzNow for Websense Inc. Australia said that managing employee behavior was the most frustrating part of their job. This was followed by budget constraints (48 percent), lack of time for security (25 percent), IT security being a low priority (23 percent), and ease of deployment (18 percent).

For the 2007 State of Security Report StollzNow surveyed 158 employees and 159 IT managers at Australian organizations with 50 staff or more.

According to the survey, employees estimated they spent 45.1 minutes per day on personal Internet use and a further 85.3 minutes a day on business Internet use. Their IT managers thought this optimistic, estimating that employees at their organizations spent 89.5 minutes – or 1.5 hours – every working day on personal Internet use.

“People are spending an enormous amount of personal time online at work, much of which raises security concerns for both the user and the IT department,” said Joel Camissar, ANZ country manager of Websense.

Employees’ favorite activities while on the web are visiting banking and finance sites (46 percent), reading news and sport (39 percent), accessing personal e-mail such as Hotmail and Gmail (29 percent), and visiting jobs sites (18 percent).

Less common activities included some of the most time-consuming, dangerous, or bandwidth heavy: instant messaging friends (13 percent), playing online video clips, downloading from free software sites (9 percent), visiting games sites (seven percent), downloading music (4 percent) and peer-to-peer file sharing (3 percent). Each presents an easy way for confidential information to leave the organization or for problems to be introduced.

Beyond the web, 53 percent of employees surveyed said they had sent work documents to personal e-mail accounts, 20 percent had opened suspicious emails, 17 percent clicked on pop-up ads, eight percent admitted viewing adult material and three percent had engaged in online gambling. One percent had knowingly distributed confidential documents.

Employees seemed to understand that such digital promiscuity could cost their jobs. Leaking sensitive information was seen to be a dismissible offense by 74 percent of employees, followed by viewing adult content (73 percent) and infecting the company with malicious spyware or a virus (63 percent).

When it came to losing their jobs, IT managers were most concerned about staff leaking confidential information (56 percent saw this as the main reason they could be dismissed). This was followed by introducing viruses (52 percent), accessing inappropriate material (47 percent), and instant messaging abuse (34 percent).

By Len Rust, Computerworld Australia

Len Rust is publisher of The Rust Report.