Is ignorance bliss? Majority of employees don't know or follow IT security policies

The numbers break down as follows: 33% of employees surveyed said they do not always follow IT security policies and 21% said they do not even know what the policies are.

For the survey, Harris Interactive polled 2,541 adults ages 18 and older, of which 1,391 were employed full and/or part time.

Respondents were also asked about using printers and scanners to copy confidential information. Half of those employees whose workplace had a printer or copier said they have copied, scanned, or printed confidential information at work.

According to the survey, 39% of employees who copy, scan, or print confidential information at work worry whether the information on a networked device, such as a printer or copier, will remain secure. Of those, 86% say they are at least somewhat worried about personal information, 77% say customer data, 77% say employee information, and 70% say proprietary company information.

“There are concerns that the information printed or scanned on that device would remain secure”, said Eric O’Brien, director of product management for embedded security at McAfee.

“If I’m at work and preparing a presentation that is confidential for my bosses, I have a reasonable expectation of confidentiality if I use a printer inside the walls of my organization. I should be able to make copies of that prior to a briefing in a boardroom”, O’Brien told Infosecurity.

More than half (54%) of respondents say computers pose the biggest security threat to their company’s network compared to other IT devices, while only 6% say it is multifunction printers (MFPs).

Only 13% of employees whose workplace has a printer, copier, or MFP say they are prompted to enter a password or passcode on the MFP before releasing a job they have printed or copied.

“There is a need to consider the security of multifunction printers along with other networked devices in an organization”, O’Brien stressed.

To improve the security of networked printers and copiers, McAfee is teaming with Xerox to design a security system to protect confidential data handled by these networked devices, he explained.

By integrating embedded McAfee software into Xerox multifunction printers, the two companies plan to use a whitelisting method that allows only approved files to run, offering more protection than traditional blacklisting where a user has to proactively block viruses, spyware and other malicious software, O’Brien said.
 

What’s hot on Infosecurity Magazine?