A Quarter of British Employees Search for
Other Employment While at Work
by
Urban Schrott
Safetica, a provider of employee monitoring and data protection software, has commissioned research in the UK—carried out by TNS Omnibus—which would help understand employees’ work habits and activities that might have an adverse effect on their productivity and the integrity of their company’s data.
The risks that irresponsible use of computers at work brings are two-fold. First there are the obvious work hours lost and unnecessary costs involved, but there is also the heightened level of potential data security threats. According to a 2011 Ponemon Institute study, 63% of company IT staff think that employees’ use of social media in the workplace represents a serious security threat to their organization. In addition to that, Verizon’s 2010 study showed that 48% of data breaches in 2010 were caused by insiders, while Ponemon Institute’s 2012 study has shown that 78% of organizations experienced data breaches as a result of negligent or malicious employees and that 56% of data breach incidents were only discovered accidentally.
So, how did the British employees do? We asked 663 of them a multiple-answer question with two modifiers, to see if knowing that there is a company policy in place changes their attitude. Of all those asked, between 43% and 54% said they do not use a computer in their line of work, but the rest gave the following results.
A positive finding of this research is that at least having a policy in place reduces the (admitted) levels of undesirable activities by about one third (and in our research also shows an increase in the number of those that say they haven’t done any of these as they do not work with a computer). So even such a small step as explaining to the employees what they can and cannot do in the workplace already has a beneficial effect. A more worrying aspect is, of course, that a relatively large percentage (up to one in four employees) engage in undesirable activities in spite of being aware of policies that prohibit them, while where policies are not in place as many as one in three employees engage in inappropriate activities.
The fact that the highest scores for admitted undesirable activity are in the printing of personal files and the use of social media may seem relatively harmless, it does illustrate that breaking the rules is seen as relatively acceptable, while the security implications of those breaches may not even have been taken into consideration. These range from the outgoing (public facing) threat of making inappropriate posts on social media, which potentially harm the company’s productivity and reputation, to the incoming threat of possible malware infection of company computers and networks caused by clicking unsafe links.
However, the numbers of people admitting to taking company files home (even if against policy) is frighteningly high. Approximately one in ten people, on average, admit to having no qualms about doing that. In a company with 1000 employees, that means that up to 100 people are capable of walking away with sensitive company documents, which is a risk no company should take lightly.
A few interesting details could be ascertained from the demographic breakdown of the statistics.
It’s interesting to compare the results to the similar survey Safetica did in Ireland a month earlier, where males lead in every category, with a particularly noticeable lead when it comes to browsing for other employment, with 29% of males compared to 14% of females. In the UK the roles seem reversed. As the tables show, women are bolder when it comes to defying rules in almost all categories, and very closely tied with males even in those categories where they don’t lead. But—just like in Ireland—the older generations seem to be more orderly, with the young 25-34 age group scoring highest in all categories.
In light of all this, responsible companies would be wise to take steps to implement security policies which would prevent excessive abuse of company resources by employees. As can be gathered from these statistics, having a policy in place does make a difference. However, it only reduces the frequency of the unwanted activities, it does not completely prevent them. For protection against the unauthorized copying, emailing, editing, or opening of company files, as well as for monitoring, reporting and preventing employees from partaking in unauthorized activities, a comprehensive software solution should be considered.
Urban Schrott is IT Security & Cybercrime Analyst at Safetica.
