The average IT manager is more concerned about what their colleagues get up to in the estimated 1.5 hours per day they spend engaged in personal activities on the Internet than about direct attacks from hackers, phishers, and other external threats.
More than half the IT managers surveyed in a recent study by StollzNow for Websense Australia said that managing employee behaviour was the most frustrating part of their job. This was followed by budget constraints (48 per cent), lack of time for security (25 per cent), IT security being a low priority (23 per cent), and ease of deployment (18 per cent).
For the 2007 State of Security Report StollzNow surveyed 158 employees and 159 IT managers at Australian organisations with 50 staff or more.
According to the survey, employees estimated they spent 45.1 minutes per day on personal Internet use and a further 85.3 minutes a day on business Internet use. Their IT managers thought this optimistic, estimating that employees at their organisations spent 89.5 minutes - or 1.5 hours - every working day on personal Internet use.
"People are spending an enormous amount of personal time online at work, much of which raises security concerns for both the user and the IT department," said Joel Camissar, ANZ country manager of Websense.
Employees' favourite activities while on the web are visiting banking and finance sites (46 per cent), reading news and sport (39 per cent), accessing personal e-mail such as Hotmail and Gmail (29 per cent), and visiting jobs sites (18 per cent).
Less common activities included some of the most time-consuming, dangerous, or bandwidth heavy: instant messaging friends (13 per cent), playing online video clips, downloading from free software sites (nine per cent), visiting games sites (seven per cent), downloading music (four per cent) and peer-to-peer file sharing (three per cent). Each presents an easy way for confidential information to leave the organisation or for problems to be introduced.
Beyond the web, 53 per cent of employees surveyed said they had sent work documents to personal e-mail accounts, 20 per cent had opened suspicious emails, 17 per cent clicked on pop-up ads, eight per cent admitted viewing adult material and three per cent had engaged in online gambling. One per cent had knowingly distributed confidential documents.
Employees seemed to understand that such digital promiscuity could cost their jobs. Leaking sensitive information was seen to be a dismissible offence by 74 per cent of employees, followed by viewing adult content (73 per cent) and infecting the company with malicious spyware or a virus (63 per cent).
When it came to losing their jobs, IT managers were most concerned about staff leaking confidential information (56 per cent saw this as the main reason they could be dismissed). This was followed by introducing viruses (52 per cent), accessing inappropriate material (47 per cent), and instant messaging abuse (34 per cent).
Len Rust is publisher of The Rust Report.