Independent research commissioned by GFI Software shows that use of company devices for unrestricted personal use is leading to major downtime and loss of confidential data. Here we take a look at the survey results.
The survey revealed that the employers of 40% of those surveyed had suffered a major IT disruption caused by staff visiting questionable and other non-work related web sites with work-issued hardware, resulting in malware infection and other related issues. The study also revealed that 35% of staff would not hesitate to take company property including email archives, confidential documents and other valuable intellectual property from their work-owned computer before returning it, if they were to leave their company.
Furthermore, the study revealed that half of those surveyed use a personal cloud-based file storage solution (e.g. Dropbox, OneDrive, Box) for storing and sharing company data and documents.
The blind, independent study was conducted for GFI Software by Opinion Matters and surveyed 1,007 UK employees from companies with up to 1,000 staff that had a company-provided desktop or laptop computer.
Big brother is watching
In addition to these findings, the survey also found a substantial concern among employees over whether their employers were monitoring their computer use, as well as a lack of understanding of how it can be done and what devices can be monitored.
The research revealed that 42% of respondents are concerned about their employer’s ability to monitor their computer use, while almost two-thirds of those interviewed (63%) think their employer can monitor an iOS, Android, or Windows-based tablet use as easily as they can a conventional PC. However, almost one in five are unsure if their employer can monitor a tablet.
“Data security and integrity is a big challenge for companies as a result of the widespread movement away from desktop computers to laptops. Since laptops are usually brought home, they frequently get used out-of-hours for both work and non-work activities. Without clear policies and guidelines in place on approved personal use boundaries – backed up with technology to limit access to the most challenging parts of the internet – the dividing line between work tool and personal device, can quickly become blurred,” said Sergio Galindo, general manager of GFI Software.
“There are clear arguments in favour of letting staff use company computers for a degree of personal activity. It’s good for morale, productivity and it’s just common sense. However, people still need to remember that at the end of the day it is not their device, and neither is the company data on it. It is surprising how many people forget that and our survey underscores just how true this is. You would not go racing around a track in a company car, even though they let you take it home for an evening and pay for the petrol or diesel. The same principle applies to a company computer. Just because you can use it to access questionable content, doesn’t mean it is appropriate to do so,” Galindo added.
Guilty histories
With many people using their company-owned PC as their own fully-fledged computer, and relying on it for everything from banking to shopping and music to videos, they will build up a comprehensive history of web sites visited, as well as files and documents of their own that have no bearing on their job role.
The survey also asked users how comfortable they would be if their co-workers, or their friends and family could see their personal browsing history. Over one in five (21%) would not want their family or colleagues to see their browser history or hard drive contents in the event they were suddenly incapacitated, died, or otherwise didn’t have an opportunity to sanitise their computer first.
This reaction highlights significant issues for users who need to return a company-owned device when they leave a job, or simply when it is time for it to be replaced with a new model.
When asked what they would do to their computer first if their employment ended, 60% would make a grab for their personal files. More than one-third (35%) would also take company documents, including confidential data and customer lists, despite it being a blatant act of theft, raising significant concerns for employers over data security and compliance.
However, 27% would simply walk away from their work device, not taking anything, including their own legitimate belongings, from the unit before handing it back.
“Data protection is a big problem, and one that has been exacerbated by the casual use of cloud file sharing services that can’t be centrally managed by IT. Content controls are critical in ensuring data does not leak outside the organisation and doesn’t expose the business to legal and regulatory compliance penalties. Furthermore, it is important that policies and training lay down clear rules on use and reinforce the ownership of data,” added Galindo.