Users are apparently aware of insecure activities, such as opening e-mail attachments from unknown senders; yet they still open the attachments and e-mails. The study, which was conducted by research firm InsightExpress, reveals a number of such security contradictions.
For the most part, users are aware of IT security concerns, but not pervasively so. Sixty-six percent of global users indicated that they were aware of security concerns when working remotely.
"At least one-third were not even aware that they are exposed to or could experience security breaches or compromises," Bruce Murphy, Cisco's vice president of Advanced Services, told internetnews.com.
Respondents were given five choices to choose from:
- Leave the e-mail unopened and notify IT;
- Leave the e-mail unopened but not notify IT;
- Open the e-mail to see who it's from but not open any attachments or links;
- Open the e-mail to see who it's from and open any attachments or links; and
- Delete it immediately without opening it.
When presented with options as to what they would actually do with the e-mail from an unknown sender, 44 percent of respondents admitted that they would open the e-mail.
A similar sort of contradiction appeared in response to questions about personal versus work use for respondents work computers.
On a global basis, 29 percent of respondents reported using their work computers for personal purposes. Yet 40 percent admitted to using their work computers to buy personal items and 46 percent admitted downloading personal files to their work computers.
"We see inconsistencies between what people say they do and what they propose they might do in certain cases," said Erica DesRoches, program manager for InsightExpress.
Twenty-one percent of global respondents admitted to allowing others to use their work computers and 11 percent admitted to using their neighbor's wireless connection.
According to DesRoches, the inconsistency of responses is one of the most surprising aspects of the survey and one that likely requires further examination to better understand.
"People understand that they should be concerned about security but they don't behave in secure ways," DesRoches said.