 |
Laptop users taking more security risks
than desktop users
14 June, 2007
By Chris Talbot
Employees that use laptops are taking more security
risks than those that use desktops, but both types
are taking unnecessary risks, according to the "Trust
& Risk in the Workplace Study" from SurfControl.
The study, conducted by Dr. Monica Whitty of Queen's
University Belfast, was based on a survey of 1,000
mobile and desktop employees in the U.S., Australia,
the Netherlands, Singapore and the U.K. The study
found that employees in all five regions are taking
risks, whether they're using laptops or desktops --
but in all regions, laptop users are taking more unnecessary
risks than desktop users.
"We find that laptop users are taking more risks
and also are provided with greater control over their
PC than the locked-down environment on the desktop,"
said Dr. Richard Cullen, chairman SurfControl's global
technology council. Of those surveyed, 55 per cent
of mobile workers said they had complete control over
their laptops, compared to 34 per cent of desktop
users.
Part of the reason for the riskier behavior has to
do with the nature of laptops and connecting wirelessly
via hotspots, but Cullen said there's also an "out
of sight, out of mind" factor. Laptop users in
general are engaging in inappropriate activities moreso
than desktop users in part because their employers
can't see what they're doing with the computers when
they're outside the office environment. For instance,
laptop users engage in downloading of porn and music
(among other things) moreso than their desktop counterparts.
"Browsing sites is a very straightforward way
of compromising a machine," Cullen said. However,
those same users are just as likely to blame their
employers (and the IT departments) when their own
risky behavior actually causes a security breach that
leads to data loss/theft or identity theft, Cullen
said. When something goes wrong, they don't look at
their own behavior as the cause. When it comes to
their own personal loss (if their personal bank information
is compromised, for instance), then they have a greater
tendency to blame themselves, he added.
Of all respondents to the survey, 64 per cent said
they would blame their employers if confidential business
information was stolen because of a breach on a desktop
or laptop. Also, 53 per cent said they would blame
their employers if their identities were stolen following
a security breach on their computers. However, 66
per cent said they would blame themselves if their
personal bank accounts were broken into because of
a breach on their computers.
Additionally, there's a difference in perception
as to who is responsible for updating anti-virus and
anti-spyware software. Of the desktop users surveyed,
62 per cent said they believed the IT staffs was responsible,
but that number was reduced to 47 per cent with laptop
users. According to Cullen, it means laptop users
are engaging in more risky activities and have less
secure applications running on their laptops.
As more businesses continue to migrate from desktops
to laptops to offer the productivity gains of being
mobile to their employees, organizations need to implement
the policies, tools and education that will keep those
mobile computers secure, Cullen said.
"I think there's a whole range of issues that
come into play. One is that people are on the road
and they just need to get things done, so if they
need to get a document over to their friend, are they
going to upload it to a secure fileshare area connecting
over a VPN ... potentially waiting a long time for
it download, or are they going to put it on a USB
key and swap it over? People are going to do what
they need to do to get the job done," Cullen
said.
According to the study, the top risky activity by
both laptop and desktop users is the use of USB keys.
Sixty-nine per cent of desktop users admitted to using
USB keys to transfer data files, whereas 80 per cent
of laptop users admitted the same thing. The top five
risky activities of laptop and desktop users were
the use of USB keys, followed by sending confidential
information via e-mail (58 per cent with desktop users,
60 per cent with laptop users), Internet banking (56
per cent with desktop users, 58 per cent with laptop
users), using instant messaging (41 per cent with
desktop users, 51 per cent with laptop users) and
discussing office gossip via e-mail (34 per cent with
desktop users, 35 per cent with laptop users).
Employers need to look at how they address security
while also addressing the need for workers to be mobile,
Cullen said. There's a drive for employees to have
anytime, anywhere access, but the policies, toolsets
and education need to be in place to make sure employees
are exploiting the technology available to the greatest
degree -- but in a secure manner, he said.
"Education is a key component to this, as well
as just updating polices and really recognizing how
people need to operate and what tools are appropriate,"
Cullen said.
|
|
