Remote worker security still lax

Despite having a greater awareness of the security risks posed by careless computing habits and personal Internet activity carried out on corporate laptops, many remote workers continue to do things that imperil the safety of themselves and their employers, according to a new report from Cisco.

As part of its annual study on the security awareness and online behavior of remote workers -- based on interviews with 2,000 telecommuters carried out by researchers from InsightExpress -- Cisco experts said that people appear to have acquired a false sense of security when it comes to the use of their company-issued computers and other corporate IT assets.

Despite the fact that the IT security community has done a much better job in recent years of keeping people informed of the latest and greatest malware attacks and social engineering schemes, remote workers keep falling for the same types of tricks as they always have -- in part because they believe that they are now protected by more advanced security technologies, said Patrick Gray, special assistant to the CTO at Cisco.

In fact, in just one year's time, the number of respondents to the survey who expressed a belief that the Internet is "getting safer" increased from 48 percent 12 months ago to more than 56 percent in 2008. The trend was particularly evident in some parts of the world where Internet use is growing the fastest, and where people believe that their governments are going to greater lengths to protect individual users, such as Brazil (71 percent), India (68 percent), and China (64 percent). In Brazil, for instance, where banking-password stealing Trojan virus attacks have finally been thwarted by stricter legal penalties for those creating the threats, people may falsely assume that it is now safe to let down their guard, according to Gray.

"The awareness of security threats has grown across the board, but somehow, because of that, we do see the emergence of this false sense of security," said Gray. "Companies have done a great job of securing themselves at the perimeter, but where they're really falling down is with what is going on within their own networks and what is going outbound. They are blocking a lot more potential threats, but there's a lot of risky behavior on their networks as well."

One of the biggest problems contributing to the situation is the fact that many workers feel it is acceptable for them to use their work computers for their personal activities, such as shopping, interacting with friends, and searching the Web for popular information, the expert maintains.

By using their company-issued devices to head to corners of the Internet where attacks are more prevalent -- such as on e-commerce sites, social-networking portals, and independent Web properties, workers are putting their employers at risk of exploit by malware and other threats, he said.

The report found a 3 percent year-over-year increase in terms of the number of remote workers who felt that it was acceptable to use their corporate devices for personal use, such as Internet shopping, downloading music, and social collaboration.

Business versus personal use

With the rise in attacks being delivered via hacked Web sites and popular destinations including social-networking sites, people need to begin shifting their behavior and keeping their work machines separate from their personal lives, Gray contends.