back to article US govt staffers use personal gear on work networks, handle biz docs on the reg – study

Employees of US government agencies are largely ignoring basic security measures. This is according to a study published this month by security biz Lookout, which suggests Uncle Sam's staffers may be putting confidential information at risk. According to a survey of 200 IT and security admins at US federal agencies, 67.5 per …

  1. JassMan

    Private computers aren't always the least secure.

    It all depends on the individual user. I am sure that many readers of el Reg could set up a private computer to be MUCH more secure than systems set up for government agencies by outsourced IT departments whose only interest is keeping shareholders happy.

    I'm betting that Edward Snowden's personal laptop was tons more secure than CIA network systems he was working on.

  2. Chairman of the Bored Silver badge

    Simple but bad explanation

    Been there, seen that. Did it? Your honor, I plead the fifth.

    These people- by and large - are not stupid. They know the policies and risks. But their gear is crap, support is worse, and they are still expected to accomplish their mission - whatever it takes.

    You want it done real bad? It will probably get done real bad.

    Bet you any other hellhole of compliance-based mentality and mind numbing bureaucracy will be the same. Sad, really.

    1. big_D Silver badge

      Re: Simple but bad explanation

      I wouldn't put my company email on a private phone. If they want me to be available out-of-hours, they will have to provide the kit and the extra pay...

      But it has always been the case, that most IT enthusiasts have better kit at home than at work.

    2. GnuTzu

      Re: Simple but bad explanation

      The gear isn't all that bad; it's loaded down with end-point security programs. Still, to run all those security tools, they should be spending at least as much on horsepower as users do on their home equipment.

    3. Disgusted of Cheltenham

      Re: Simple but bad explanation

      Once upon a time I recall sending any incoming emails with .docx home so I could convert them to .doc or .rtf or something that we could read at the office.

  3. Len Goddard

    Security is a pain

    Lets be honest, keeping a machine secure at work or at home is generally inconvenient as the requirements will make simple tasks less so (or occasionally impossible). As a result many people will cut corners as they really don't understand the risks.

    I've never used my own equipment in the workplace - if my employer wants me to use a computer he can pay for it - and I am sufficiently paranoid never to have picked up a nasty at home. But this is made easier as I don't frequent social media or pornographic websites (is there a difference?) so I am less at risk than some. Also, I very rarely use public wi-fi hotspots and when I do it is from very tightly locked down linux device.

    Amusingly, the only time I ever had a problem was at work inside a pretty solid corporate firewall. I had been issued a new laptop and I had to plug it into the office network to pick up the mandated firewall & a/v packages (no pre-installed corporate setup at the time). During that process the thing picked up no less than 6 viruses. IT support tracked them down to a guy who had taken his laptop home and let his kids install games on it ...

  4. DNTP

    Sure is a problem, yup

    I'm not employed by the government, but last year's security incident audit identified this issue as one of our site's biggest vulnerabilities. Good! The Specific Vulnerability is an extremely high up Important Person's personal laptop that keeps getting viruses and keeps getting connected to the network. Not Good!

  5. Black Betty

    Simon knows what to do.

    Instant destruction of device. Bonus BOFH points for making the user wield the hammer themself.

  6. Anonymous Coward
    Anonymous Coward

    Love to know what percentage were Huawei devices...

  7. Arthur the cat Silver badge

    "Federal agency"

    That can cover a lot of ground. I doubt (well, hope) the TLA agencies are that slack about security, especially post-Snowden, but why would it matter that much for agencies like the US National Park Service or NOOA?

    1. allthecoolshortnamesweretaken

      Re: "Federal agency"

      Technically, the IRS is a TLA.

      Oh well, it's not like they have lots of intimate data on everyone, right?

  8. Doctor Syntax Silver badge

    This survey - did Lookout have official sanction to conduct it and did the respondents have clearance to give their answers?

  9. Anonymous Coward
    Anonymous Coward

    Who needs Huawei?

    When your staff are insecure it doesn't matter how good the kit is.

  10. Merrill

    People are fundamental to security

    Security depends on the trustworthiness, expertise, and diligence of people.

    But any reasonably large group of people will include one who is a defector, stupid, or lazy. That is why secure organizations are organized in small cells.

    1. handleoclast

      Re: People are fundamental to security

      Actually, people are fundamental to insecurity.

      The more people you have, the less secure you are. Eliminate all the people and your security improves a lot.

      IBM are aiming to be the most secure company in the world. And they're not far off getting there.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021