Mumbai: 72% of Remote workers have become more conscious of their organisation’s cybersecurity policies since lockdown began. But many are breaking the rules anyway due to limited knowhow or resource constraints, reveals TrendMicro‘s new Head in the Clouds study.
Trend Micro’s Head in the Clouds study interviewed 13,200 remote workers across 27 countries on their attitudes towards corporate cybersecurity and IT policies.
For companies, there has never been a better time to take advantage of heightened employee cybersecurity awareness. The approach businesses take to training is critical to ensure secure practices are being followed, according to the study.
A high level of security awareness prevails in India, the study found with 84% of respondents claimed that they take IT team instructions seriously. And 83% of respondents agreed that cybersecurity within their organisation is partly their responsibility.
Additionally, 67% of remote workers acknowledged that using non-work applications on a corporate device is a security risk. However, just because most people understand the risks does not mean they stick to the rules.
- 44% of employees admit to using a non-work application on a corporate device, and 46% of them have actually uploaded corporate data to that application.
- 83% of respondents confess to using their work laptop for personal browsing, and only 45% of them fully restrict the sites they visit.
- 42% of respondents say they often or always access corporate data from a personal device – almost certainly breaking corporate security policy.
- 14% of respondents admit to watching / accessing porn on their work laptop, and 14% access the dark web.
Productivity still wins out over protection for many users. As many as 52% of respondents agreed that they do not give much thought to if the apps they use are sanctioned by IT or not, they just want the job done.
Additionally, 44% think they can get away with using a non-work application, as the solutions provided by their company are ‘nonsense.’
“There’s a great number of individual differences across the workforce. This can include individual employee’s values, accountability within their organisation, as well as aspects of their personality, all of which are important factors that drive people’s behaviours,” said Dr. Linda K. Kaye, Cyberpsychology Academic – Edge Hill University.
“To develop more effective cybersecurity training and practices, more attention should be paid to these factors. This, in turn, can help organisations adopt more tailored or bespoke cybersecurity training with their employees, which may be more effective,” added Kaye.
“It’s really heartening to see that so many people take the advice from their corporate IT team seriously, although you have to wonder about the 16% who don’t. At the same time those people also accept their own role in the human firewall of any organisation,” said Nilesh Jain, VP – Southeast Asia and India, Trend Micro.
“The problem area seems to be translating that awareness into concrete behaviour, according to Jain.
To reinforce this, Jain asked organisations to take into account the diversity across the organisation and tailor training to identify and address these distinct behavioural groups.
“The time to do this is now, to take advantage of the new working environment and people’s newfound recognition of the importance of information security,” added Jain.
The Head in the Clouds study looks into the psychology of people’s behaviour in terms of cybersecurity, including their attitudes towards risk.
It presents several common information security “personas” with the aim of helping organisations tailor their cybersecurity strategy in the right way for the right employee.