Office workers who comply with their employer’s Web usage policies are more likely to trigger a blockage of a Web-based attack than road warriors who are more cavalier, according to a new study.
Employees that have to worry about their boss peering over their should at their computer monitor are more likely to follow their office rules about visiting only legitimate Web sites, according to Symantec Corp.’s MessageLabs Intelligence report for September. Remote workers using an employer’s laptop on the road or at home are less likely to follow those policies, accessing everything from streaming media to personals and dating sites.
Web-based malware accounted for just one in 1,807 of Web traffic blocked for remote workers. Compare that to a rate of one in 322 for office-based workers. The roaming workers were more likely to trigger blocks for unauthorized downloads, media streaming or visiting a time-wasting Web site.
“The lesson to take away from this is it’s not all about putting policy controls in place,” says Paul Wood, a senior analyst with Symantec. “Employees may feel safer visiting legitimate Web sites, but they don’t realize 80 per cent of malware being blocked comes f legitimate Web sites.”
Related Story: Top tips for effective, hassle-free telecommuting
Many hackers embed potentially harmful content into popular legitimate Web sites in an attempt to infect users. That’s why installing endpoint protection on employee’s computers is important, Wood says. It can prevent infection even when employees choose not to follow policies or find ways around them.
Remote workers were more likely than their desk-chained counterparts to trigger blocks for several time-wasting activities. They were more likely to attempt streaming media (22.8 per cent of blocks compared to 10.5 per cent of office workers), downloading files (21.5 per cent compared to just four per cent of office workers) and access social networking and personals Web sites (10.9 per cent compared to 7.7 per cent).
Office-bound workers were most likely to trigger blocks for advertisements and pop-up windows (48.7 per cent of all blocks, compared to 19.7 per cent for remote workers). But they were also slightly more likely to trigger blocks for playing games (3.1 per cent compared to 2.4 per cent) and viewing adult or sexually explicit content (2.5 per cent compared to 1.9 per cent).
“We expected to see more adult content for people on the road, but it seems to trigger more for office-based workers,” Wood says. This could be explained by unintentional clicks on spam links.
Remote workers are likely downloading files such as music, videos or software that they want to personally use, he adds. Streaming media likely saw a lot of blocks during this summer’s FIFA World Cup in South Africa.
Office workers having ads blocked is just a routine event, Woods says. “It’s not something you’d be interested in tracking as an IT manager.”
Not all remote workers need to take hardware out of the office to do their job. Nick Haffie-Emslie is a producer at Toronto-based video production firm VMG Cinematic. Instead of removing his desktop Mac from the office, he just accesses it remotely with software LogMeIn. He is typically out of the office at least one day a week, working in the field, and will sometimes work from home in the evenings.
So Haffie-Emslie doesn’t log in to his work computer to stream media when he’s away from the office. But he often streams media when working in the office, as it’s accepted at his firm.
“A funny YouTube video will go around the office,” he says. “Even though it’s a diversion, it’s still in some way relevant because we do our own video.”
Haffie-Emslie uses his iPhone or his own personal computer to log in and do work remotely when he needs to. That typically involves making a couple of edits to a video, or doing some graphics work.
The MessageLabs survey was conducted with September data collected from Symantec Hosted Services clients. It found that about one in 20 businesses have roaming workers, or workers outfitted with a “roaming” profile for their MessageLabs Web Security Service.