Corporate IT Policies Often Ignored
ROLLING MEADOWS, IL — According to a national survey conducted by the Information Systems Audit and Control Association, U.S. workers are not always on board with their employers’ information technology security policies. More than one-third of respondents reported violating IT policies within the past year, and nearly one-sixth used file-sharing applications at work. Both habits jeopardize sensitive business and personal information across the enterprise, according to ISACA.
The survey, conducted by phone, also found that 65 percent of the white-collar professionals contacted were either not very concerned or not concerned at all about their privacy when using a workplace computer. Sixty-three percent reported being either not very concerned or not concerned at all about the security of their information while at work.
They should be, according to John Pironti, a member of ISACA’s Education Board.
“A single seemingly harmless activity, such as using peer-to-peer networks while at work, can breach the confidentiality and security of an entire corporate network, including all of the documents, data and internal communications that reside on that network,” he said. “On average, at a company of 1,000 white-collar employees, up to 70 employees are likely using peer-to-peer file sharing while at work often or very often, based on the survey findings. Companies and employees should be very concerned about their personal and corporate data in light of this information.”
Pironti suggested the apparent lack of concern may be due to a common misconception: Employees seem to believe file-sharing, downloading, and other online behaviors pose little or no risk to their companies. Seventy-four percent of survey respondents who admitted downloading personal software onto a work computer said they believe the practice poses no threat from malware or spyware that may unintentionally be downloaded along with it. Of those who admitted to checking personal email on their work computers, 73 percent said infecting the corporate network with an inadvertently downloaded virus was not a concern for them.