Security behavior varies by country, Cisco finds

Networking giant conducts study to highlight how cultural approaches to IT differ.

The risks taken by employees with company data can vary by nation and culture, a Cisco study has suggested.

The survey, based on interviews conducted with 2,000 employees in ten countries, the US, the UK, France, Germany, Italy, Japan, China, India, Australia, and Brazil, found that employees from all nations exhibited risky behavior. The usefulness of the survey was in pinpointing which form of behavior attached to which nation.

The Chinese and Indians were the most likely to bypass set security settings to access unauthorized Web sites, with 52 percent saying they would do this because it was "no one's business" which sites they visited.

US and Indian employees were the most likely to use unauthorized applications - precisely the form of risky behavior identified by IT staff as causing most data leakages - with, respectively, 74 and 79 percent admitting they would do such a thing with work laptops and PCs.

In Germany, by contrast, the biggest issue was simply letting non-employees wander freely around the office without supervision.

That an employee in the UK might approach the issue in ways that are subtly different from the same employee in China, the US, or Germany sounds like an obvious point, but according to the networking giant it has tended to be little discussed. The reasons were often cultural, and sometimes related to the length of time IT had been an established part of a particular society, or simply social norms with a country.

"Businesses are enabling employees to become increasingly collaborative and mobile," said Cisco CTO, John Stewart. "Today, data is in transit, in use, within programs, stored on devices, and in places beyond the traditional business environment, such as at home, on the road, in cafes, on airplanes and trains. This trend is here to stay."

Companies with a global footprint had to be aware of different cultures and be willing to tailor their security education to fit in with differences in attitude. One size fits all would not work.

"Data protection requires teamwork across the company. It's not just an IT job anymore," he said.

Join the newsletter!

Error: Please check your email address.

More about Cisco

Show Comments
[]