InsightExpress fielded the survey for Cisco, which assessed employees use of their company's IT services and IT's assessment of the potential data loss. Entitled "Protect Your Valuable Data," the overall point is that expectations of privacy of personal and company information vary widely among the countries surveyed. International companies need to account for local culture when formulating privacy policies, Cisco concluded.
There are several common practices among all countries, according to the survey: employees use company computers for personal activities such as e-mail, banking, and on-line shopping. All of these are considered high risk for data loss. Most respondents indicated they wanted to visit a Web site regardless of company policy and that it was none of their company's business what they looked at -- another high risk activity.
However, employees in different regions approached security in diverse ways. Only 42% of Chinese employees surveyed reported they had changed the security setting on their computers. But, that's nearly twice the number of workers in Brazil (26%) or India (20%).
Brazilian workers are also more likely to share private company information with close friends and family (39%), while the percentages of sharing respondents in other countries range between 16% to 22%. The most often cited reasons among end-users that shared private data was the need to bounce an idea of someone (44%) and the need to vent (30%).
Marie Hattar, Cisco VP of Network and Security Solutions and Christopher Burgess, senior security adviser with Cisco chalked up the variances to those countries relatively recent growth in computers noting that they probably didn't suffer the wide spread outbreaks of worms that struck the United States in the late 90s and early 2000.
The problem with IT security, in Burgess's and Hattar's view is not technical in nature. Rather, the issues involve expectations employees have in the use of company equipment and the cultural differences where the need for privacy varies in different parts of the world. Training is not enough, the survey found. Instead, Cisco execs suggest training tailored to the cultural norms of the country and company is required.
So what happens when your data is breached? InformationWeek has published an independent analysis on the topic. Download the report here (registration required).