Two-thirds of Irish employees admit they would immediately alter their online behaviour if they had as much as an inkling that their employers were monitoring their online activity, a survey of 250 office workers has revealed.
Seven per cent of those surveyed use the same password for work and personal use, and 62pc also confirmed they can access social media sites, such as Facebook and YouTube, in the workplace.
The research was commissioned by DataSolutions in conjunction with EMC’s security division RSA, and was completed by the Marketing Development Programme, UCD Michael Smurfit Graduate Business School in January 2013.
A total of 250 Irish office workers were interviewed in relation to their online behaviours and their knowledge of company security policies.
Respondents were also asked if they would give away their password for a Mars bar. One in 25 (4pc) said they would give away their password for the chocolate bar. However, when the incentive was increased to a €20 ‘One 4 All’ voucher, the numbers willing to reveal their password quadrupled to 1 in 6 (16pc).
Confusion over BYOD
Due to the abundance of smartphones and tablets and the explosion of BYOD (bring your own device) in the workplace, respondents were also asked if their employers have a policy in place for reporting lost or stolen personal devices that have access to the corporate network. Almost a third (32pc) of those surveyed said they don’t know if any such policy is in operation in their workplace.
“We decided to conduct this survey following the results received from a similar survey late last year, in which 278 Irish IT managers were interviewed,” David Keating, security sales manager, DataSolutions, explained.
“In that survey, we found 80pc of Irish IT professionals were more concerned about the actions of careless employees than hackers. Given these results, we wanted to see how Irish employees themselves viewed IT security and there are some interesting findings.
“With 17pc of employees admitting to using the same password for work and personal activities they are potentially exposing the company to a number of cyber threats. If we take, for example, the LinkedIn security attack in 2012, where 6.5m passwords were compromised, the potential risk of using the same password for personal and work activities becomes clear.
“LinkedIn contains a lot of information on an individual’s place of work, company information and quite often provides his or her email address. This could have been a catastrophe if even one of these passwords was used to access a company’s network by the wrong people.
“The large percentage of employees who would change their online behaviour if they knew their employer was monitoring them leads us to question what they are doing online. In the majority of cases, we can assume it is something innocent, such as accessing social networking sites.
“However, employees need to be aware of the potential IT security threats from their online activities and ensure they are not doing anything to compromise the integrity of the company’s network,” Keating said.
