Remote Workers More Aware about Security, but are they Following Security Policies?

by | Jul 2, 2020

unregistered devices, Dynamic Communication, Work From Home, security and risk management

It’s been three months since most of us left our offices to work from home. An organisation with 12,000 employees in four offices joked that it now has 12,000 offices! But jokes apart, organisations need to be concerned about the way their employees are using devices and accessing apps and data from home. A survey by Trend Micro reveals that remote workers are more aware about security with 72%  saying they are more conscious about their organisation’s security policies since the lockdown began. However, many show risky behaviour such as using unapproved apps or accessing websites for personal work using corporate devices.

Trend Micro’s Head in the Clouds study is distilled from interviews with 13,200 remote workers across 27 countries on their attitudes towards corporate cybersecurity and IT policies. It reveals that there has never been a better time for companies to take advantage of heightened employee cybersecurity awareness. The survey reveals that the approach businesses take to training is critical to ensure secure practices are being followed.

The Head in the Clouds study looks into the psychology of people’s behaviour in terms of cybersecurity, including their attitudes towards risk. It presents several common information security “personas” with the aim of helping organisations tailor their cybersecurity strategy in the right way for the right employee.

In India, the results indicate a high level of security awareness, with 84% of respondents claiming they take instructions from their IT team seriously, and 83% agree that cybersecurity within their organisation is partly their responsibility. Additionally, 67% acknowledge that using non-work applications on a corporate device is a security risk.

Here are the key findings of the survey:

  • 44% of employees admit to using a non-work application on a corporate device, and 46% of them have actually uploaded corporate data to that application.
  • 83% of respondents confess to using their work laptop for personal browsing, and only 45% of them fully restrict the sites they visit.
  • 42% of respondents say they often or always access corporate data from a personal device – almost certainly breaking corporate security policy.
  • 14% of respondents admit to watching / accessing porn on their work laptop, and 14% access the dark web.

It seems that productivity takes precedence over cybersecurity for many remote workers. More than half (52%) of the respondents said they do not give much thought to whether the apps they use are sanctioned by IT or not, as they just want the job done. Additionally, 44% think they can get away with using a non-work application, as the solutions provided by their company are “nonsense.”

Dr Linda K. Kaye, Cyberpsychology Academic at Edge Hill University explains: “There are a great number of individual differences across the workforce. This can include individual employee’s values, accountability within their organisation, as well as aspects of their personality, all of which are important factors which drive people’s behaviours. To develop more effective cybersecurity training and practices, more attention should be paid to these factors. This, in turn, can help organisations adopt more tailored or bespoke cybersecurity training with their employees, which may be more effective.”

Nilesh Jain, Vice President, Southeast Asia and India, Trend Micro, said, “It’s really heartening to see that so many people take the advice from their corporate IT team seriously, although you have to wonder about the 16% who don’t. At the same time those people also accept their own role in the human firewall of any organisation. The problem area seems to be translating that awareness into concrete behaviour. To reinforce this, organisations to take into account the diversity across the organisation and tailor training to identify and address these distinct behavioural groups. The time to do this is now, to take advantage of the new working environment and people’s newfound recognition of the importance of information security.”

 

 

 

Share This Article!

Brian Pereira
Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn. Email Brian at: [email protected]
Recommended Posts
The First 90 Days Are Crucial for the CISO and CIO

This book arms you with insights into crafting a robust 90-day plan, and you’ll be well-equipped to catapult into CIO or CISO roles successfully. Beyond technical proficiency, the book instills survival skills, ensuring longevity and helping you prevent burnout in these pivotal positions.

Similar Articles