News

Survey Explores Cultural Differences When Work Goes Offshore

A new survey finds companies that are globalizing their operations or outsourcing work to offshore locations shouldn't overlook behavioral and cultural differences when developing their security risk-management plans

By Jaikumar Vijayan, Computerworld

October 02, 2008 — CSO —

Companies that are globalizing their operations or outsourcing work to offshore locations shouldn't overlook behavioral and cultural differences when developing their security risk-management plans, according to a survey of IT managers and end users in 10 countries that was released Tuesday by Cisco Systems Inc.

The survey results show that employee behavior can vary by country and culture and have a direct bearing on the threats posed to corporate data. "As you globalize and move into new regions that you haven't worked in before, you really need to understand the cultural differences" in order to implement an effective data protection strategy, said Marie Hattar, Cisco's vice president of network and security solutions.

The survey was conducted for Cisco by InsightExpress LLC, a Stamford, Conn.-based market research firm. A total of more than 2,000 people -- about half of them IT decision makers -- were polled in the U.S., the U.K., France, Germany, Italy, Japan, China, India, Australia and Brazil, Cisco said.

Many of the countries haven't experienced the same level of worm mass mailings, denial-of-service attacks other IT security threats that companies in the U.S have been dealing with for years, Hattar said. As a result, she added, there sometimes appears to be more tolerance in other countries for end-user behavior that would be considered risky in the U.S.

For example, about 64% of the IT decision makers surveyed in China and nearly half of the ones in Brazil said they thought that employees at their companies allowed outsiders to use corporate laptops and mobile devices without any supervision.

Meanwhile, 39% of the end users polled in Brazil and 20% in India admitted to sharing sensitive information about their jobs with family members and friends; another 8% and 7%, respectively, said they had shared such data with absolute strangers. In contrast, the number of respondents in the U.S who acknowledged that they had done the same things was 16% and 2%. In a majority of the cases, the survey respondents said they discussed sensitive information with others because they wanted to bounce an idea off of someone, or just vent.

Compared with workers in other countries, a significantly larger proportion of end users in China (42%), Brazil (26%) and India (20%) altered the security settings on their company-issued laptops. Just 2% of those surveyed in the U.S. said they had done that. Similarly, more than 60% of the workers surveyed in Brazil and China said they had transferred company documents to and from their home computers while working remotely.