A majority of employees have either never heard of their companys acceptable use policy (AUP) for computers or choose to ignore it, a new survey from SmoothWall has suggested.
Despite the fact that seven out of ten of the companies claimed that AUPs were important for security, 40 percent of the 300 employees polled said they were unaware of its contents when asked.
The biggest culprits are employees using non-approved applications, with personal email access the main offence. Sixty-one percent of employees saw no problem in using webmail systems such as Gmail, Hotmail or Yahoo while at work, despite the risks from doing so. Forty-one percent also used instant messaging applications on a regular basis.
On the same track, Skype is a growing theme, with more than one in five now firing up the VoIP application to make calls. Skype calls are encrypted, presenting an obvious regulatory risk in some companies, and the application itself is considered almost impossible to detect once it has set up a call connection. If such calls detect suitable bandwidth, a network can become riddled with bandwidth-consuming Skype super-nodes, used to relay calls from less well-provisioned clients.
Lower-level productivity appears to a problem too, with more than third of employees admitting to browsing the Internet for reasons not related to work. Most of this did not happen during lunch breaks, and as much as forty percent of respondents shopped from their desks during work time.
According to SmoothWalls managing director George Lungley, the root of the problem was that companies did not properly communicate company AUPs beyond getting employees to sign up to it on work contracts.
They are not enforcing it (AUPs) or applying any sanctions as they would enforce health and safety policies, he said. This survey suggests its more than a hardcore minority. Instead of handing the problem over to remote HR departments, AUPs were better communicated and less likely to be ignored if they were made the responsibility of line managers.
Anecdotally, more UK companies appear to be adopting new approaches to enforcing AUPs on a reluctant workforce that remains complacent about security. Some organisations allow workers to use designated computers for web access during specified hours, while others simply remind people of the gist of the company AUP every time they log on.