Two surveys fresh out today claim office workers are slipshod and lazy and are putting their employers at risk of PC meltdown.

Price Waterhouse Coopers has revealed that office workers typically don't backup their desktop computers. Worse, many businesses don't have desktop backup routines either. The implication is [shock, horror] huge amounts of data are at risk of destruction-causing mayhem.

A Novell survey looked at how workers watch out for viruses. Most of them don't, we’re told.

Taylor Nelson Sofres surveyed 1,000 UK workers. Respondents were ignorant about how to detect viral e-mail attachments and were not motivated to find them. Ben Bulpett, enterprise sales director for Novell UK, gives the company’s take on this.

"There really are two types of people (causing problems) here. There are those who are really busy, and who just don't think it's their issue, and then those who have had little training and education. Between them they're set to create massive loopholes for a company's security to be breached." It's shock and horror all over again.

But both these surveys betray a somewhat unrealistic view of office workers. Commonsense says we protect what we value and own. Where the risk of loss or damage is slight and/or the amount of damage is not that great, then we take the risk. Where we don't own something, we don't protect it.

Insurance companies may urge us to protect everything and insure against any old risk but most people resent this nannyish view and, by insurance company standards at least, are under-insured. But then they would think that. Like Novell, they have protection products to sell.

Why should office workers, employees, watch out for e-mail viruses? The company employing them should do it for them. It generally has secured office entrances - you can’t just walk into a building and sit down at a desk - so it should have secured e-mail entrances as well. To an average office worker that would seem logical. It's not a case of being lazy or slipshod; it's using one's time to best effect and putting the responsibility in the right place.

It's the same for desktop backups. If employers really thought that desktop-held information was vital then it would be backed up. By and large they don't, and it isn't. Bleating from IT consultancies trying to sell data protection audits is never going to change that.


Do you agree with Chris? Should employees be left out of security? Or should end-users be educated, forcibly if needs be? Say what you think right now in this topic's forum thread.