Remote working raises cybersecurity sense, but many still break rules

Photo by Mimi Thian

Nearly three-quarters (72%) of remote workers say they are more conscious of their organisation’s cybersecurity policies since lockdown began, according to Trend Micro’s Head in the Clouds report.

Still, many such workers are breaking the rules anyway due to limited understanding or resource constraints.

The study is based on interviews with 13,200 remote workers across 27 countries on their attitudes towards corporate cybersecurity and IT policies.

The survey reveals that there has never been a better time for companies to take advantage of heightened employee cybersecurity awareness. It also shows that the approach businesses take to training is critical to ensure secure practices are being followed.

Among respondents, 85% of respondents claiming they take instructions from their IT team seriously, and 81% agree that cybersecurity within their firm is partly their responsibility. 

Also, 64% acknowledge that using non-work applications on a corporate device is a security risk.

However, just because most people understand the risks does not mean they stick to the rules. For example, 56% of employees admit to using a non-work application on a corporate device, and 66% of them have actually uploaded corporate data to that application.

Four in every five (80%) respondents confess to using their work laptop for personal browsing, and only 36% of them fully restrict the sites they visit. 

Two in every five (39%) respondents say they often or always access corporate data from a personal device — almost certainly breaking corporate security policy.

Further, 8% of respondents admit to watching or accessing porn on their work laptop, and 7% access the dark web.

Even then, productivity still wins out over protection for many users. A third (34%) of respondents agree that they do not give much thought to whether the apps they use are sanctioned by IT or not, as they just want the job done.

Additionally, 29% think they can get away with using a non-work application, as the solutions provided by their company are ‘nonsense.’

“Having a one size fits all security awareness programme is a non-starter as diligent employees often end up being penalised,” said Bharat Mistry, principal security strategist at Trend Micro. “A tailored training programme designed to cater for employees may be more effective.”