A colleague asked me recently: "What scares you most, insider threats or outsiders?"

Both, I replied: "One you know about, one you don't. A threat is a threat."

Insiders are not always malicious. Yes, you'll find the odd disgruntled employee, but in many cases, problems arise due to negligence, ignorance or bad luck. That's not much comfort if you're an administrator but it's a reality - we have to accept someone on the inside will cause us grief.

There is more to security than firewalls and antivirus. Understanding how people behave, adopt and adapt to technology is just as important. There is a wealth of information that could be collected in the aggregate from employees, which can help management and IT mitigate risks.

Employee attitudes

A recent survey by GFI on employee attitudes towards work and their use of technology shows how important it is for organisations to understand what's really going on in-house.

For example, you would imagine that most are not happy with mobile computing; however the majority of employees surveyed believe that mobile computing has actually improved their lives because they can work from anywhere. And yes, surprisingly, employees are also concerned about privacy and data protection.

Some other insights include:

  • 33 percent of respondents said they use social networks for personal reasons while they are working; 18 percent of these respondents admitted it makes them less productive.
  • Nearly all respondents with employer-owned mobile computing devices said they use them for things not related to work; 22 percent said they do so often, 38 percent sometimes and 30 percent rarely.
  • 43 percent of small business employees have connected to their work networks remotely using a mobile computing device.
  • 7 percent acknowledge they have at some point lost a mobile computing device that contained company data.
  • Only 36 percent of respondents said their employer's computers are set up to block them from visiting certain websites.

Does it sound odd that IT managers should have an 'HR' role as well? I don't think so. Understanding the employee base gives everyone the intelligence to plan, prepare and counter problems before they arise. A resolution worth pursuing?

  • Sergio Galindo is the general manager of the Infrastructure Business Unit at GFI Software.