One in three British employees spends time on social media or prints private files on company printers instead of working, one in four searches for other employment from the work computer and 12 per cent take company files home…

Safetica, a provider of employee monitoring and data protection software, has commissioned research in the UK – carried out by TNS Omnibus – to help understand employees’ work habits and activities that might have an adverse effect on their productivity and the integrity of their company’s data.

The risks that irresponsible use of computers at work brings are two-fold. First, there are the obvious lost work hours and unnecessary costs involved, but there is also the heightened level of potential data security threats. According to a 2011 Ponemon Institute study, 63% of company IT staff think that employees’ use of social media in the workplace represents a serious security threat to their organization.

In addition to that, Verizon’s 2010 study showed that 48% of data breaches in 2010 were caused by insiders, while Ponemon Institute’s 2012 study has shown that 78% of organizations experienced data breaches as a result of negligent or malicious employees and that 56% of data breach incidents were only discovered accidentally.

So, how did the British employees do? We asked 663 of them a multiple-answer question with two modifiers, to see if knowing that there is a company policy in place changes their attitude. Of all those asked, between 43% and 54% said they do not use a computer in their line of work, but the rest gave the following results.

| Did you ever do the following… | … knowing it was unrelated to work. | … knowing it’s against company policy. |
| --- | --- | --- |
| I have printed personal files on company printers | 32% | 24% |
| I have used social media (Facebook, Twitter, YouTube) during work hours | 32% | 22% |
| I have browsed for other employment from my work computer | 23% | 16% |
| I have taken company files (Word texts, Excel spreadsheets, customer lists, etc) on a CD or USB stick or printed them out and took them home or emailed them to my private email | 12% | 7% |

A positive finding of this research is that at least having a policy in place reduces the (admitted) levels of undesirable activities by about one third (and in our research also shows an increase in the number of those that say they haven’t done any of these as they do not work with a computer). So even such a small step as explaining to the employees what they can and cannot do in the workplace already has a beneficial effect.

A more worrying aspect is, of course, that a relatively large percentage (up to one in four employees) engage in undesirable activities in spite of being aware of policies that prohibit them, while where policies are not in place as many as one in three employees engage in inappropriate activities.

The fact that the highest scores for admitted undesirable activity are in the printing of personal files and the use of social media may seem relatively harmless, but it does illustrate that breaking the rules is seen as relatively acceptable, while the security implications of those breaches may not even have been taken into consideration. These range from the outgoing (public facing) threat of making inappropriate posts on social media, which potentially harm the company’s productivity and reputation, to the incoming threat of possible malware infection of company computers and networks caused by clicking unsafe links.

However, the number of people admitting to taking company files home (even if against policy) is frighteningly high. Approximately one in ten people, on average, admit to having no qualms about doing that. In a company with 1000 employees, that means that up to 100 people are capable of walking away with sensitive company documents, which is a risk no company should take lightly.

A few interesting details could be ascertained from the demographic breakdown of the statistics.

Table A

| Did you ever do the following… knowing it was unrelated to work. | Male | Female |
| --- | --- | --- |
| I have printed personal files on company printers | 29% | 36% |
| I have used social media (Facebook, Twitter, YouTube) during work hours | 31% | 33% |
| I have browsed for other employment from my work computer | 19% | 26% |
| I have taken company files (Word texts, Excel spreadsheets, customer lists, etc) on a CD or USB stick or printed them out and took them home or emailed them to my private email | 13% | 12% |

Table B

| Did you ever do the following… knowing it’s against company policy. | Male | Female |
| --- | --- | --- |
| I have printed personal files on company printers | 21% | 28% |
| I have used social media (Facebook, Twitter, YouTube) during work hours | 23% | 21% |
| I have browsed for other employment from my work computer | 14% | 19% |
| I have taken company files (Word texts, Excel spreadsheets, customer lists, etc) on a CD or USB stick or printed them out and took them home or emailed them to my private email | 7% | 8% |

It’s interesting to compare the results to the similar survey Safetica did in Ireland a month earlier, where males lead in every category, with a particularly noticeable lead when it comes to browsing for other employment, with 29% of males compared to 14% of females. In the UK the roles seem reversed. As the tables show, women are bolder when it comes to defying rules in almost all categories, and very closely tied with males even in those categories where they don’t lead. But – just like in Ireland – the older generations seem to be more orderly, with the young 25-34 age group scoring highest in all categories.

In light of all this, responsible companies would be wise to take steps to implement security policies which would prevent excessive abuse of company resources by employees. As can be gathered from these statistics, having a policy in place does make a difference. However, it only reduces the frequency of the unwanted activities; it does not completely prevent them. For protection against the unauthorised copying, emailing, editing, or opening of company files, as well as for monitoring, reporting and preventing employees from partaking in unauthorised activities, a comprehensive software solution should be considered.

(I know of one that does all that, but I shouldn’t really be making a sales pitch here. :))

More info at www.safetica.co.uk