What dangerous behaviors do users regularly engage in using company-owned computer equipment?

by | Nov/26/2008

A graduate student asked me to help him in his research regarding technical issues in Industrial-Organizational Psychology. Here are some of the observations I see on a regular basis. Perhaps you can add even more through your blog responses about computer user behavior that will help him in his quest:

  • Installing a program, toolbar, browser plug-in, or any other tool on your computer without the IT manager’s permission
  • Writing your password down where someone could find it
  • Using a password that would be easy for someone to figure out
  • Experimenting in Windows with screen savers, screen colors, desktop settings, and other non-work-related activities
  • Putting a family photo on your computer as a background
  • Calling the IT department to “hold your hand” over the phone while you restart your computer to solve the same problem they have helped you fix 20 times
  • Calling the IT department to ask them to support your personal software that isn’t approved by the company
  • Not taking time to learn to use your applications correctly, and taking 3 times longer to perform a task through “this is the way my coworker showed me” instead of learning the fast proper way to accomplish a task
  • Using your laptop on the road to connect to insecure wireless networks at airports, hotels, coffee shops, etc.
  • Plugging in a USB device or inserting a CD/DVD that IT hasn’t checked for viruses, spyware, and other dangers
  • Copying company data to removable media that might be lost – exposing the company to liabilities and damages
  • Acting as if you are stupid just to prove “this computer/software is too hard to use” when, in reality, you are perfectly capable of using the computer/software if you wanted to
  • Eating food near your computer and gumming up the keyboard with spills, crumbs, etc.
  • Connecting to the Internet using a personal device (phone, laptop modem, etc.) at work to bypass the company monitoring and blocking tools
  • Forwarding an e-mail you received that has a political or other message from your company account. When an e-mail leaves from your company account, someone might think your company holds that position or opinion
  • Interfering with the corporate security steps by aborting anti-virus scans, interrupting installations of patches and updates, or answering “yes” if prompted with any message similar to, “Is it ok if this program performs a risky behavior?”
  • Giving out your password to anyone, including your boss, manager, or IT professional for any reason
  • Sending confidential information in text or attachments via an unencrypted e-mail message. Even if the recipient is authorized to see the content, e-mail is insecure and can be easily intercepted along the way
  • Seeing a security risk and not reporting it immediately to your supervisor
  • Bringing a computer from home and connecting it to the network at work
  • Using your home computer to connect to the office network without a trained professional making sure your home computer is secure
  • Connecting to your office from a hotel or internet café computer – since those computers are often infected with viruses and spyware
  • Allowing a guest to use your computer or your phone/PDA
  • Allowing a guest to connect to your wired or wireless network
  • Storing company data on your laptop – even if it is a company laptop – unless you have full disk encryption and are using a strong secure secret key
  • Using a proxy site to bypass the organization’s Internet filtering software and view an unauthorized site
  • Letting a stranger, visitor, or even another employee into the server room without permission from IT and/or the president of the company
  • Employers not taking the proper steps to protect the data of their employees, vendors, and customers
  • Employers not providing adequate training and testing to ensure computer users are competent in security and productivity
  • Calling the IT department to whine about how terrible the new secure password policy is instead of accepting the reality that fighting cyber-crime is everyone’s job
  • Feeling it is your right to be able to use organizational resources for any task you choose
  • Not having an organizational Acceptable Usage Policy that everyone is aware of
  • Not following an organizational Acceptable Usage Policy
  • Answering people’s IT-related questions when you don’t know what you are talking about
  • Asking for IT advice from someone who isn’t qualified to answer
  • Thinking “it is ok as long as I don’t get caught” when using a computer to do something wrong
  • Seeing an indication on your computer that it may be infected, such as the computer slowing down, and not reporting it to IT
  • Opening attachments in e-mail messages even if you weren’t expecting the attachments
  • Ever sending a message you’d be embarrassed for someone else at the company to read

If you want to, please add your comments to the blog posting below. This will help the graduate student who is working on this study.