Slashdot Mirror

← Back to Stories (view on slashdot.org)

One-Third of Employees Violate Company IT Policies

Posted by Zonk on from the yeah-but-they-were-all-bad dept.

BaCa writes with a link indicating that a survey of white collar US workers shows that something like a third of all employees break IT policies. Of those, almost a sixth actually used P2P technologies from their work PCs. Overall, the survey indicates workers aren't overly concerned about any kind of security: "The telephone survey found that 65% of white-collar professionals are either not very concerned or not concerned at all about their privacy when using a workplace computer. A surprising 63% are not very concerned or are not concerned at all about the security of their information while at work. Additionally, most employees have the misconception that these behaviors pose little to no risk to their companies."

9 of 320 comments (clear)

  1. I don't believe it by stoolpigeon · · Score: 5, Insightful

    I'm guessing a more accurate headline would be: One-Third of Employees Admit to Violating Company IT Policies
     
    The rest just didn't let on - because there is no way the number is that low. Or they didn't outright lie, they just didn't even know they had violated company policies.

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
    1. Re:I don't believe it by ewhenn · · Score: 4, Insightful

      it's not even dangerous on the level that requiring 20 different, complex, constantly changed passwords is.



      Personally, I find that this constand password actually *lowers* security. I would like to present myself as an example. We have to change our passwords to something with 3 of 4 items (CAPS,lowercase,numbers, and Special characters). We are required to change our password monthly. So instead of having a nice secure password like "jd%2MdEP!7rqA" that I can remember say... once a year.. I just do something like "Aotepad1"..next month "Botepad1"...next month "Cotepad1" so I can remember the damn thing. Each application requires it's own password, so requireing the average user to constantly change them is going to make them go with poor password choices instead of strong ones.

      Sometimes too much "security" is weaker security.
    2. Re:I don't believe it by GreyyGuy · · Score: 4, Insightful

      Exactly. Between email retention policies, internet usage, and everything else, I would not be surprised if over 90% of people have violated them. Check your yahoo email at work? Violated company policy. Plugged in a USB drive or your iPod? Probably violated company policy. Installed non-approved software? Anything from IM software to Open Office to spyware checker to p2p software. Violated company policy. Sent your friend/spouse/significant other/family member and email from your work account? Violated company policy. Viewed something risque online at work? Even if not intended, that probably violated company policy.

      Silly to think of things that trivial can count, but there are reasonable reasons for them. The problem is that they are all general and not focused on if the person intended to violate them. I would not be surprised if one third of people knowingly violated their company policy.

    3. Re:I don't believe it by mrchaotica · · Score: 4, Insightful

      I often need third-party libraries when I'm developing my software so I just get them off the Internet (sometimes virus checking them if I remember).

      In this case, virus checking is the least of your worries. If you're including those third-party libraries in your software, you need to be getting them approved by your legal department to make sure you're not creating huge copyright violations.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  2. Unreasonable Policies by bazald · · Score: 5, Insightful
    Some policies just aren't reasonable or well thought out. This article is clearly blowing the issue out of perspective by not separating out different behaviors.

    Checking personal e-mail from a work computer-- 73% of those who have done this at work believe it is not risky, despite the fact that they could unknowingly download a virus that infects the corporate network. Wow, really? I'll stick to those corporate virus-free e-mail accounts from now on. Are they also completely free of spam? That would be nice too.
    --
    Insert self-referential sig here.
  3. It's a cat and mouse game with IT by rrohbeck · · Score: 4, Insightful

    Blacklists=>Proxies
    Traffic filters=>TOR
    etc. etc.

    But the real problems are still caused by moron employees who double click on an attachment they got via email. Just happened again last week. The problem isn't people who don't adhere to policies, it's employees who don't have a clue.

    And what's wrong with reading Slashdot while you're slacking off with a coffee for a couple of minutes? I'd consider an employer a slave driver if they have a problem with that.

    --
    thegodmovie.com - watch it
  4. Re:What they don't say by moderatorrater · · Score: 5, Insightful

    What I've noticed more of is that there's the "Company IT Policy" (tm) and the actual acceptable use policy. On paper you're not allowed to put any personal files on the computer, browse any non-work-related sites, or use a messenger client. In reality, you can bring in your own music or any work-related programs as long as you take the flak for illegal things, browse sites but only for a reasonable amount of time, and the same for messenger.

  5. Re:of course by Aetuneo · · Score: 4, Insightful

    So most people realize, on some level, that the purpose of many of these rules is to make the people administering the network feel safer? For example, if you a company is sued by the RIAA/MPAA on the basis of someone on their network downloading music/movies illegally, they would have the protection of that being against their policies, so they can either fire that person for violating the policies, or pass on the lawsuit (for example, suing that person in turn). Thus, if you know what you are doing, it doesn't matter if it is against the rules unless attention is drawn to it - and unless it is harmful, the worst that would happen is probably a slap on the wrist, and perhaps not even that.

    --
    Everything is subjective.
  6. Re:most employees... by ivan256 · · Score: 4, Insightful

    You really have no grasp on reality, do you?

    You think virus protection protects your net work? You missed the entire point. Then you followed it up with a broken car analogy.

    Perhaps you should try understanding what you do for a living instead of doing whatever some book and a whole bunch of marketing literature told you to do.

    I check in on my machines and make sure they are working. I protect my networks, and make sure that if they *do* get infected they're not going to infect *your* network.

    Judging by your comment, on the other hand, you merely install security-blanket style security software on your systems and think that makes you "responsible".

    Users have no remorse because they are given zero responsibility. Why should they care if they fuck up your machines? You secured them. They're protected. They're both "safe" because of the protections, and completely disallowed from making any responsible decisions about their own machines, so they take zero responsibility.

    You, sir, are the cause of your own user-troubles.