Security Behavior Varies by Country, Cisco Finds
The risks taken by employees with company data can vary by nation and culture, a Cisco study has suggested.
The survey, based on interviews conducted with 2,000 employees in ten countries, the U.S., the U.K., France, Germany, Italy, Japan, China, India, Australia, and Brazil, found that employees from all nations exhibited risky behavior. The usefulness of the survey was in pinpointing which form of behavior attached to which nation.
The Chinese and Indians were the most likely to bypass set security settings to access unauthorized websites, with 52 percent saying they would do this because it was "no one's business" which sites they visited.
U.S. and Indian employees were the most likely to use unauthorized applications - precisely the form of risky behavior identified by IT staff as causing most data leakages - with, respectively, 74 and 79 percent admitting they would do such a thing with work laptops and PCs.
In Germany, by contrast, the biggest issue was simply letting non-employees wander freely around the office without supervision.
That an employee in the U.K. might approach the issue in ways that are subtly different from the same employee in China, the U.S., or Germany sounds like an obvious point, but according to the networking giant it has tended to be little discussed. The reasons were often cultural, and sometimes related to the length of time IT had been an established part of a particular society, or simply social norms with a country.
"Businesses are enabling employees to become increasingly collaborative and mobile," said Cisco CTO, John Stewart. "Today, data is in transit, in use, within programs, stored on devices, and in places beyond the traditional business environment, such as at home, on the road, in cafes, on airplanes and trains. This trend is here to stay."
Companies with a global footprint had to be aware of different cultures and be willing to tailor their security education to fit in with differences in attitude. One size fits all would not work.
"Data protection requires teamwork across the company. It's not just an IT job anymore," he said.