One-third of employees violate company IT policies

A national survey of U.S. white-collar workers commissioned by the nonprofit, independent organization ISACA (formerly the Information Systems Audit and Control Association) has found that more than one-third (35%) of employees have violated their company’s IT policies at least once and that nearly one-sixth (15%) of employees have used peer-to-peer file sharing at least once at their place of business, opening the door to security breaches and placing sensitive business and personal information at risk.

John Pironti, member of ISACA’s Education Board, said: “A single seemingly harmless activity, such as using peer-to-peer networks while at work, can breach the confidentiality and security of an entire corporate network, including all of the documents, data and internal communications that reside on that network. On average, at a company of 1,000 white-collar employees, up to 70 employees are likely using peer-to-peer file sharing while at work often or very often, based on the survey findings. Companies and employees should be very concerned about their personal and corporate data in light of this information.”

However, the opposite seems to be true. For example, the telephone survey found that 65% of white-collar professionals are either not very concerned or not concerned at all about their privacy when using a workplace computer. A surprising 63% are not very concerned or are not concerned at all about the security of their information while at work.

Additionally, most employees have the misconception that these behaviors pose little to no risk to their companies. Of respondents who said they engaged in these practices, the behaviors they deem to have the least risk include:

  • Downloading personal software onto a work computer—74% of those who have done this believe it is not a risky behavior, even though they may unintentionally install spyware or malware on the work computer.
  • Checking personal e-mail from a work computer—73% of those who have done this at work believe it is not risky, despite the fact that they could unknowingly download a virus that infects the corporate network.
