How Data security and Employee Cultural differences are related to outsourcing?
October 9, 2008
With globalization and offshore outsourcing on the rise, several companies have employees and contractors using their business critical data in various countries like India, China, Brazil, etc. Many companies do not have comprehensive security policies and procedures to mange their business data in offshore locations. Cisco systems sponsored a study to find the cultural differences of employees working in various countries and how it affects their handling of secure data. The study finds that employees and their culture play a key role in the security of business critical data.
The study interviewed IT decision makers in the following countries: US, UK, France, Germany, Italy, Japan, China, India, Australia and Brazil, following is the result of the study:
1. Many countries did not have issues like denial of attack, worm in Email, etc, like US and UK, so the employees in those countries have much more tolerance in using their computer and networks, which are considered security threat in US.
2. Employees in other countries take their laptop home and use it for their personal purpose and they allow outsiders to use their laptop and mobile devices without any supervision. They also share customer problems and issues with their friends and families because they want to find an idea for a problem or just to vent out their daily issues that happened at office.
3. They also alter the security and policy settings in their laptops, which is considered to be a critical
security violation in countries like US and UK.
4. When guests visit employees during office hours, most of the time they were not escorted while entering and leaving a secured office facility. Employees in UK and US generally follow the security procedures and policies more methodically then employees in other countries. In other countries the cultural and social issues plays a key role among the employees and they take the security issues lightly.
Though the offshore vendors and captive centers owned by US companies have state of the art technology in place for security and they are on par with US, but ultimately the employees need to be trained to use and follow the security policies and guidelines set by the parent company in US. If the companies do not take this issue seriously before outsourcing then they compromise the security of their own data. The bottom line is that companies in US and UK can outsource the work, but they cannot outsource their liability to ensure the security of their business data.