"In general, more policy blocks overall are triggered by workers when they are out of the office, indicating -- rather intuitively -- that users are more compliant with usage policies when in the office," said Paul Wood, a senior analyst with MessageLabs Intelligence. Most likely, users on the go are "taking the opportunity to visit a greater variety of websites than they would when at their desks."
Comparing browsing habits in the office versus on the go, the report found that mobile workers are more than five times as likely to trigger blocks relating to not-allowed downloads. Mobile workers are also more likely to attempt to violate prohibitions on shopping, search engines, and personals or dating websites. Interestingly, however, attempts to access adult or sexually explicit content was more likely to happen from the workplace.
The findings support the argument, often advanced by security experts, that without automatic enforcement, having written security policies does little to alter user behavior or make organizations more secure.
Beyond workers trying to access prohibited content, the Symantec report also said that a persistent threat is workers trying to access legitimate sites that have been compromised. According to the study, "recent analysis by MessageLabs Intelligence highlighted that more than 80% of websites blocked as malicious were found to be legitimate websites that had been compromised." In other words, balancing usage policies with real-time security is essential for safeguarding mobile workers.
The new report also rounds up recent changes in online threats. The good news is that spam declined slightly from August to September 2010, and now accounts for 92% of all email. The number of malicious websites seen by Symantec Hosted Services daily likewise declined by 11% in the same timeframe. On the bad-news front, the amount of new malware increased by 9%, to account for 22% of all web-based malware. The most-seen piece of malware was Sality, accounting for 8% of all malware. The virus targets the now-patched Microsoft shortcut link vulnerability.