One-third of employees violate company IT policies
Posted on 31 October 2007.
A national survey of U.S. white-collar workers commissioned by the nonprofit, independent organization ISACA (formerly the Information Systems Audit and Control Association) has found that more than one-third (35%) of employees have violated their company’s IT policies at least once and that nearly one-sixth (15%) of employees have used peer-to-peer file sharing at least once at their place of business, opening the door to security breaches and placing sensitive business and personal information at risk.
John Pironti, member of ISACA’s Education Board said: "A single seemingly harmless activity, such as using peer-to-peer networks while at work, can breach the confidentiality and security of an entire corporate network, including all of the documents, data and internal communications that reside on that network. On average, at a company of 1,000 white-collar employees, up to 70 employees are likely using peer-to-peer file sharing while at work often or very often, based on the survey findings. Companies and employees should be very concerned about their personal and corporate data in light of this information.”
However, the opposite seems to be true. For example, the telephone survey found that 65% of white-collar professionals are either not very concerned or not concerned at all about their privacy when using a workplace computer. A surprising 63% are not very concerned or are not concerned at all about the security of their information while at work.

Additionally, most employees have the misconception that these behaviors pose little to no risk to their companies. Of respondents who said they engaged in these practices, the behaviors they deem to have the least risk include:
  • Downloading personal software onto a work computer—74% of those who have done this believe it is not a risky behavior, even though they may unintentionally install spyware or malware on the work computer.
  • Checking personal e-mail from a work computer— 73% of those who have done this at work believe it is not risky, despite the fact that they could unknowingly download a virus that infects the corporate network.


10 practical security tips for DevOps

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Mar 31st