Risky business: 70% of young employees ignore IT security policies

70% of young employees said they often ignore the company’s IT security policies
70% of young employees said they often ignore the company’s IT security policies

The most common reason for ignoring IT security policies was the belief that employees were not doing anything wrong (33%). One in five (22%) cited the need to access unauthorized programs and applications to get their job done, while 19% admitted the policies are not enforced, according to a survey of 2,800 young people (age 21–29) in 14 countries conducted by InsightExpress on behalf of Cisco.

Some (18%) said they do not have time to think about policies when they are working, and others either said adhering to the policies is not convenient (16%), they forget to do so (15%), or their bosses are not watching them (14%). More than two-thirds of respondents said IT policies need to be modified to address real-life demands for more work flexibiliy.

Companies restrict many devices and social media applications. Of these, young employees said online gaming (37%) was the most commonly restricted application, and Apple iPods (15%) were the most commonly restricted device.

Ten percent of employees globally said IT policies prohibit the use of iPads and tablets at work, signaling a growing challenge for IT teams as tablet popularity increases. Close to one-third of employees said social networking sites like Facebook, Twitter, and YouTube were prohibited as well.

“If you talk with young folks, they would argue that they couldn’t be successful in their jobs without access to social networking sites, and they would feel out of step with other organizations and their peers without having access to these things”, said Scott Olechowski, threat research manager at Cisco.

Three of five young employees (61%) said they do not think they are not responsible for protecting information and devices, believing instead that IT and/or service providers are responsible.

These young employees “don’t have a sense that they are actually responsible for protecting those devices. They think it is the corporation’s responsibility, if they think of it at all….These numbers indicate that our employees may be one of the top threats we are facing”, he told a Dec. 13 teleconference sponsored by Cisco.

Almost one in four college students (23%) has asked a neighbor to use a computer or the internet, and 19% admitted using a neighbor's wireless connection without permission. About one in five college students globally (19%) admitted standing outside retail outlets to use free wireless connections. About one in 10 (9%) had asked to use a stranger's mobile phone. Overall, 64% of employees surveyed said they had done at least one of these actions.

More than half of the young employees surveyed globally (56%) said they have allowed others to use their computers without supervision – family, friends, coworkers, and even people they do not know.

College students exhibited higher tendencies than young employees to engage in risky online behavior, according to the survey. More than four of five college students (86%) said they have allowed others to use their computer unsupervised, indicating that this behavior is only going to become more prevalent as the next generation of employees enters the workforce.

“One of the underlying things we saw with this report is that expectations of the younger workforce are different. They expect that these new technologies and sites are going to available to them. This is going to be a deciding factor for where people choose to work over time”, Olechowski concluded.

What’s Hot on Infosecurity Magazine?