Cisco survey: Cultural differences can complicate IT security when work goes offshore

Employee behavior on handling of data varies in different countries, 10-nation survey finds

October 1, 2008 (Computerworld) Companies that are globalizing their operations or outsourcing work to offshore locations shouldn't overlook behavioral and cultural differences when developing their security risk-management plans, according to a survey of IT managers and end users in 10 countries that was released yesterday by Cisco Systems Inc.

The survey results show that employee behavior can vary by country and culture and have a direct bearing on the threats posed to corporate data. "As you globalize and move into new regions that you haven't worked in before, you really need to understand the cultural differences" in order to implement an effective data protection strategy, said Marie Hattar, Cisco's vice president of network and security solutions.

The survey was conducted for Cisco by InsightExpress LLC, a Stamford, Conn.-based market research firm. A total of more than 2,000 people — about half of them IT decision makers — were polled in the U.S., the U.K., France, Germany, Italy, Japan, China, India, Australia and Brazil, Cisco said.

Many of the countries haven't experienced the same level of worm mass mailings, denial-of-service attacks other IT security threats that companies in the U.S have been dealing with for years, Hattar said. As a result, she added, there sometimes appears to be more tolerance in other countries for end-user behavior that would be considered risky in the U.S.

For example, about 64% of the IT decision makers surveyed in China and nearly half of the ones in Brazil said they thought that employees at their companies allowed outsiders to use corporate laptops and mobile devices without any supervision.

Meanwhile, 39% of the end users polled in Brazil and 20% in India admitted to sharing sensitive information about their jobs with family members and friends; another 8% and 7%, respectively, said they had shared such data with absolute strangers. In contrast, the number of respondents in the U.S who acknowledged that they had done the same things was 16% and 2%. In a majority of the cases, the survey respondents said they discussed sensitive information with others because they wanted to bounce an idea off of someone, or just vent.

More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9116018&intsrc=hm_list

Nice....