Company laptops are routinely used to download music and video, access porn and do a spot of online shopping, a new Europe-wide survey has revealed.
So big has the problem become that laptops returning to company networks after their travels are now one of the biggest security hazards faced by many companies. Despite this, 70 percent of companies questioned offered no written guidance to employees on the use of their machines, and only a quarter imposed technological restrictions.
The survey of employees in 500 companies across UK, The Netherlands, Germany, France, and Italy on behalf of Websense, uncovered the tendency of many employees to treat laptops as unofficial personal possessions. The crimes of the mobile workforce are various but include picking up spyware, downloading non-approved software, surfing porn sites and generally treating the issue of security as a minor concern.
An astonishing 46 percent allowed people outside of work to use their machines. And board level employees were no better than workers at other levels of the organisation, with 54 percent admitting any one of a number of hazardous activities such as downloading non-approved software. The UK scored at, or near, the top on most measures of risky behaviour.
"I don’t know if it’s a lack of awareness or that they [companies] are focused on security from within the network," said Mark Murtagh of Websense. "They are looking at the traditional threat of viruses but not doing a good job of protecting against the evolving threats."
Part of the problem was widespread ignorance of the risks of laptop use - the survey revealed that only seven percent of those asked understood what spyware was - coupled with a need to use more technology to lock down security, he said.
Companies loaded anti-virus software but did not yet see the other types of threat, such as data theft, as critical enough to warrant further investment.
Solutions to the problem are harder to gauge. As an absolute minimum, companies should start asking employees to sign up to reasonable use guidelines, while IT staff should treat any laptop connecting to the company network after returning from its travels as a major security risk. Longer term, it seems likely that software to lock down and secure laptops is now likely to become a standard feature.
Who is to blame? Ignorant users, or slack IT directors? Discuss it in our Forum.