Mobile IT workers taking risks online

Mobile workers are taking unnecessary risks when it comes to the data on their devices and the networks to which they connect, according to a new study.

The SurfControl Trust & Risk Study, conducted by Dr Monica Whitty from Queens University Belfast, reveals the risky behaviour of many employees, particularly mobile workers.

The study surveyed over 1,000 mobile and desktop employees across five countries and found that mobile laptop users took more risks than their deskbound colleagues across all activities surveyed.

A primary source of concern is the 80 per cent of laptop users who access the internet through potentially insecure networks, two thirds of whom are using wireless hotspots.

The risky activities include instant messaging, using USB keys to transfer company data, downloading music and sending confidential information via email.

Dr Whitty warned that all of these activities have the potential to introduce unwanted content to the network, expose confidential information or compromise legal liability.

As well as connecting to potentially unsecured networks, laptop users are more likely to blur the line between company and personal behaviour, and are more likely to conduct risky behaviour on their work machine across all categories.

Some 40 per cent of UK workers email office gossip to one another, and 66 per cent email confidential company information.

Around 35 per cent of US workers admit to downloading music, and 15 per cent to downloading porn.

In Singapore it seems that workers are happy to merge their business and private lives. Some 83 per cent connect USB keys to their work PCs, 64 per cent use IM and 33 per cent play games on company laptops.

"Businesses cannot afford to think that out of sight is out of mind," said Dr Richard Cullen, chairman of SurfControl's global technology strategy council.

"This research highlights the importance of applying a consistent security strategy across all employees, regardless of where or how they access the corporate network."

Despite this risky behaviour, most workers think that the company is ultimately responsible for security. Nearly two thirds indicated that it is the IT department's job to update antivirus and anti-spyware software.

In the case of a more serious incident, users are more likely to blame the boss. If an employee was the victim of internet banking fraud or identity theft, 34 per cent and 53 per cent respectively would blame the company.

"Almost two thirds of our sample would blame their employer if confidential data was stolen from their work computers," said Dr Whitty.

"Given that security breaches and careless mistakes can lead to the loss or theft of confidential information, employers should be cautious when it comes to protecting confidential data."

The report concludes that the most important step for organisations worldwide is to ensure that the corporate usage policy is current and consistent to desktop and mobile users.