Slashdot Mirror

← Back to Stories (view on slashdot.org)

One-Third of Employees Violate Company IT Policies

Posted by Zonk on from the yeah-but-they-were-all-bad dept.

BaCa writes with a link indicating that a survey of white collar US workers shows that something like a third of all employees break IT policies. Of those, almost a sixth actually used P2P technologies from their work PCs. Overall, the survey indicates workers aren't overly concerned about any kind of security: "The telephone survey found that 65% of white-collar professionals are either not very concerned or not concerned at all about their privacy when using a workplace computer. A surprising 63% are not very concerned or are not concerned at all about the security of their information while at work. Additionally, most employees have the misconception that these behaviors pose little to no risk to their companies."

9 of 320 comments (clear)

  1. I don't believe it by stoolpigeon · · Score: 5, Insightful

    I'm guessing a more accurate headline would be: One-Third of Employees Admit to Violating Company IT Policies
     
    The rest just didn't let on - because there is no way the number is that low. Or they didn't outright lie, they just didn't even know they had violated company policies.

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
    1. Re:I don't believe it by Anonymous Coward · · Score: 5, Funny

      Hell, I'd be happy if 1/3 of our employees could even name all of the IT policies they were breaking.

    2. Re:I don't believe it by vertinox · · Score: 5, Funny

      Or they didn't outright lie, they just didn't even know they had violated company policies.

      I don't know how many times a conversation went like this:

      Me: Whats your user name?
      User: Its u2343 and my password is "bobspassword"!
      Me: Wait! ARRRRRGH! Don't tell me that! I'm not supposed to know your password, I just wanted your user name!

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
  2. Lol by jayhawk88 · · Score: 5, Funny

    Of those, almost a sixth actually used P2P technologies from their work PCs.

    In other news, one sixth of one third of all IT admins are stupid enough to not block P2P traffic on their networks.

  3. What they don't say by kpainter · · Score: 5, Interesting

    There are a lot of really stupid IT policies out there that, in the name of security, in fact merely hinder getting work done. I am not talking about P2P. Giving a developer a workstation with a user account with no administrator privileges on Windows is among them.

    1. Re:What they don't say by moderatorrater · · Score: 5, Insightful

      What I've noticed more of is that there's the "Company IT Policy" (tm) and the actual acceptable use policy. On paper you're not allowed to put any personal files on the computer, browse any non-work-related sites, or use a messenger client. In reality, you can bring in your own music or any work-related programs as long as you take the flak for illegal things, browse sites but only for a reasonable amount of time, and the same for messenger.

  4. Unreasonable Policies by bazald · · Score: 5, Insightful
    Some policies just aren't reasonable or well thought out. This article is clearly blowing the issue out of perspective by not separating out different behaviors.

    Checking personal e-mail from a work computer-- 73% of those who have done this at work believe it is not risky, despite the fact that they could unknowingly download a virus that infects the corporate network. Wow, really? I'll stick to those corporate virus-free e-mail accounts from now on. Are they also completely free of spam? That would be nice too.
    --
    Insert self-referential sig here.
  5. Where I work... by Toreo+asesino · · Score: 5, Interesting

    ...there's a very relaxed IT policy.

    Browse whenever you want, take whatever software you want home, check your email if you want, everyone's their own local admin, no audits.

    However, if you get caught with illegal software, miss a deadline because of blatant time-wasting, then you get fired (for continuous abuse). People work not because of policy, but because they want to do well and enjoy what they're doing.

    I happen to also work in one of the biggest names in IT too....not some small company. The policy works very well, as is evident from the company's success and the fact people rarely leave. That and brain-implants, anyhow.

    --
    throw new NoSignatureException();
  6. Re:most employees... by ivan256 · · Score: 5, Interesting

    I've actually tried this little social experiment.

    I run the network for my mother's company for free, so I'm allowed whatever liberties I'd like in deciding policy instead of having it dictated by a boss. They've got over 20 machines, and they aren't formally assigned, so if one goes down it's not the end of the world, the employee can use one at another desk for awhile. Usually they use the same one every day though.

    The experiment was this:

    Four new employees. Four new Windows XP Professional PCs. All use Firefox for a browser and Thunderbird for e-mail, along with the proprietary manufacturing/sales app that they run their business with. Two machines got Symantec anti-virus, and the other two got no anti-virus. They were told that since we don't have a copy for that machine, they'll just have to be extra careful about what documents they open, and how they use their e-mail. (We really were out of licenses/subscriptions, which is how this started)

    After three months, both of the AV-free PCs were completely fine, and one of the machines that had the anti-virus was running a botnet spammer (the outgoing spam was being blocked by the firewall). The most amazing bit though, was that the fear of not having anti-virus protection had stopped users of those two machines from doing most of the non-viral bad stuff that average windows users do. There was no proliferation of toolbars, no weatherbug.... They didn't even have realPlayer.

    It's amazing what a false sense of security people get from running anti-virus software. They don't even realize that they still have to be careful because 0-day threats aren't in the latest virus definitions yet. They think they can do whatever they want, because they are protected.

    The whole company has since gone anti-virus free on the desktop, and problem reports and performance complaints have dropped way down. Education and a healthy dose of respect for the evils of the world work better than any anti-virus on the market. And the cost savings are nice too.

    (There is still some basic protection in place. All internet access is through a secured web proxy. Non-http traffic isn't allowed. Intrusion detection on the firewall, etc... And the servers are still scanned, AVG on the windows servers, chkrootkit on the linux servers.)