
One-Third of Employees Violate Company IT Policies

BaCa writes with a link indicating that a survey of white collar US workers shows that something like a third of all employees break IT policies. Of those, almost a sixth actually used P2P technologies from their work PCs. Overall, the survey indicates workers aren't overly concerned about any kind of security: "The telephone survey found that 65% of white-collar professionals are either not very concerned or not concerned at all about their privacy when using a workplace computer. A surprising 63% are not very concerned or are not concerned at all about the security of their information while at work. Additionally, most employees have the misconception that these behaviors pose little to no risk to their companies."

  • by Gibble ( 514795 ) on Wednesday October 31, 2007 @05:00PM (#21188755) Homepage
    Pick something you can remember. The simplest way to have a mixed-case, alphanumeric password with punctuation is a sentence that you can remember. "Today, a coffee cost $1.99 + TAX!" Secure, simple to remember, and passes all the validation you want to throw at it.
  • by Anonymous Coward on Wednesday October 31, 2007 @05:24PM (#21189051)
    There are a lot of really stupid IT policies out there that, in the name of security, in fact merely hinder getting work done. I am not talking about P2P. Giving a developer a workstation with a user account with no administrator privileges on Windows is among them.

    Depends on the kind of developing you are doing. There are many IDEs and testing suites that don't require local admin access.

    On the other hand, if you're writing ethernet drivers, you can't test that on real hardware without admin access.
  • by Jhon ( 241832 ) on Wednesday October 31, 2007 @05:43PM (#21189307) Homepage Journal

    If my installing linux or using an "unapproved" email client upsets someone in IT, that's because THEY are in the wrong not me.
    There are countless examples available, but let's just focus on one you provided: your 'unapproved' email client.

    *YOU* are in the wrong. This is true if *YOU* are not paying for the hardware. This is true if you do not pay the support staff. It is not up to an employee to dictate what services a company's IT department will support -- that's up to management (hopefully with IT input -- but certainly not final say-so).

    We have limited budgets. I don't want to require that my staff knows eudora AND pine AND OE AND outlook AND thunderbird AND xyz AND abc AND fillintheblank. By making everyone use the same email client (or limited set of clients), you reduce training costs and quite frankly, you eliminate the user shooting themselves in the foot. YES there are some users who are quite able to troubleshoot for themselves. BUT, try telling Bob the luddite he can't use thunderbird (something he may have never used, but likes the way it looks) when Lennie The Linux Master two desks down is running pine!

    Simple solutions for companies who don't want silly and frequent helpdesk calls: Keep the workstations as uniform as possible within the scope of work any given employee is required to complete. Feel free to start your own business if the company rules don't appeal to you.
  • by l0b0 ( 803611 ) on Wednesday October 31, 2007 @05:56PM (#21189457) Homepage

    Even worse is that once you break one of the unreasonable policies (no admin logon on a developer machine, say), it's hard to keep any respect for the more reasonable ones. A bit of trust and leniency would go a long way toward respect. You could for example tell employees that they should avoid spending a lot of bandwidth during peak hours, and give people plenty of warning if they're hogging all the gas.

    Oh, and help them out a little by hinting about things like KeePass [keepass.info] for passwords, TrueCrypt [truecrypt.org] for sensitive data, and MD5 Password generator [angel.net].

  • by davidwr ( 791652 ) on Wednesday October 31, 2007 @06:08PM (#21189599) Homepage Journal
    There are rules, like the 70mph speed limit or no surfing Slashdot, which are usually ignored unless someone needs a reason to fire you.

    Then there are RULES, like not killing people and not using office computers to plot the overthrow of corporate executives, that will get you fired no matter what.

    Most people are smart enough to know rules from RULES. Those that don't get the corporate Darwin award.
  • by Ph33r th3 g(O)at ( 592622 ) on Wednesday October 31, 2007 @09:24PM (#21191485)
    They're SSHd into their boxes at home because the power tripping network nazis at work are blocking things that are useful. Stop with the ridiculous lockdowns for technical people and it won't happen. If your technical people aren't technical enough to be trusted, get new ones. Problem solved.
