09.30.08, 11:00 AM ET
As the economy sinks and budgets are squeezed, outsourcing looks more and more like a thrifty necessity.
But when it comes to the data security of those far-flung offices, businesses may find they get what they pay for. A study released Tuesday, compiled from surveys of information technology managers and users in 10 countries, reveals an alarming gap between the information-security practices of developed countries and those of emerging markets like China, Brazil and, to a lesser degree, India.
The research, which was commissioned by Cisco Systems (nasdaq: CSCO - news - people ) and carried out by research company Insight Express shows that 75% of Brazilians and 66% of Chinese executives either weren't sure about their employees' data-sharing practices or believed that their employees shared corporate information with those outside the company, compared with 47% of IT managers in the U.S.
Interviewing users, Insight Express found that Brazilian, Indian and Chinese employees were the most likely to alter or remove security settings on company-issued laptops. Chinese users, in fact, were three times as likely as the average respondent to tamper with their machines' security software. And users from those three countries were also the most likely to engage in other risky behavior on work PCs, including reading personal e-mail, downloading music and video and even peer-to-peer file-sharing, a practice that often spreads malicious software or inadvertently gives outsiders access to sensitive documents.
Given that only 10 nations were included, the study's results shouldn't cast aspersions on India, China and Brazil specifically, warns Cisco's vice president of network security Marie Hattar. But the numbers show that inexperienced IT industries may not share the developed world's emphasis on security and privacy, she argues. "Starting with call centers, companies are outsourcing more knowledge workers than ever to countries like China and India," Hattar says. "But because those countries haven't seen the outbreaks and attacks that happened here five or six years ago, the focus on user education there hasn't been very strong."
http://www.forbes.com/technology/2008/09/29/outsourcing-data-breaches-security-tech-cx_ag_0930outsource.html