Employees bypass IT and do not consider security

News by Dan Raywood

A new survey has revealed how employees are bypassing IT policies and showing a lack of conviction towards security.

A new survey has revealed how employees are bypassing IT policies and showing a lack of conviction towards security. 


The survey, conducted by InsightExpress on behalf of Cisco, showed that across 1000 employees and 1000 IT professionals from ten countries, employees are bypassing IT policies to access unauthorized websites.


Of those surveyed, one in five admitted altering the security settings on their work devices to bypass IT policy so they could access unauthorized Web sites. When asked why, more than half said they simply wanted to access the site while a third said, “it's no one's business” which sites they access.

Two out of five IT professionals dealt with employees accessing unauthorized parts of a network or facility, with two thirds encountering multiple incidents in the past year, and 14 percent monthly.

Employee access of applications and websites was reported by seven out ten IT professionals claiming that this led to as many as half of their companies' data loss incidents. Meanwhile two thirds of employees admitted using work computers daily for personal use.


One in five employees store system logins and passwords on their computer or write them down and leave them on their desk, in unlocked cabinets, or pasted on their computers. In China, 28 percent of employees reported storing logins and passwords to personal financial accounts on their work devices, leaving their identity and finances at risk.

One in four employees admitted verbally sharing sensitive information to non-employees, such as friends, family, or even strangers while 44 per cent of respondents said that they shared work devices with others including non-employees.


Finally one in three employees leave computers logged on and unlocked when they're away from their desk and tend to leave laptops on their desks overnight, sometimes without logging off.


John N. Stewart, chief security officer of Cisco, said: “We did not conduct this research to take a ‘doomsday approach'. Security is ultimately rooted in human behaviour, so businesses of all sizes and employees in all professions need to understand how behaviour affects the risk and reality of data loss — and what that ultimately means for both the individual and enterprise.


“Understanding this can help businesses strengthen relationships with its constituents, tailor localized awareness and education programs, and better manage risk. Simply put, security practices can be more effective.

“Businesses are enabling employees to become increasingly collaborative and mobile. Without modern-day security technologies, policies, awareness and education, information is more vulnerable. Today, data is in transit, in use, within programs, stored on devices, and in places beyond the traditional business environment, such as at home, on the road, in cafes, on airplanes and trains.


“To protect your data effectively, you really need to start by understanding the risk characteristics of your business and then base your technology, policy, and awareness and education plans on those factors.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews