Nearly three quarters (72%) Two thirds (66%) of remote workers in the UK say they are more conscious of their organisation’s cybersecurity policies since the lockdown began – according to a new study from Trend Micro Incorporated, a global leader in cybersecurity solutions.
However, it might be too early for businesses to breathe a sigh of relief, as the results also found that lockdown does not necessarily apply to employee cybersecurity habits, as risky behaviours persist.
The study, which questioned over 13,000/over 500 remote workers across 27 countries/in the UK on their attitudes towards corporate cybersecurity and IT policies, indicates that there has never been a better time for companies to take advantage of heightened employee cybersecurity awareness to crack down on bad habits once and for all.
But with 85%/82% of remote workers claiming to take instructions from their IT team seriously, 81%/83% agreeing that workplace cybersecurity is partly their responsibility, and 64%/64% acknowledging that using non-work applications on a corporate device is a security risk, further education doesn’t appear to be the answer.
Despite this apparent understanding, large numbers of employees still admit to dangerous cybersecurity practices. For example, 56%/ 51% confessed to using a non-work application on a corporate device, and two thirds (66%)/three quarters (74%) of this number said they had uploaded corporate data to that application.
Meanwhile 80%/81% of remote workers say that they use their work laptop for personal browsing, and only 36%/32% fully restrict the sites they visit. Concerningly over a third 39%/36% likely break corporate security policy, by accessing business data from a personal device.
Examining the results in more detail, evidence shows these behaviours are more a case of attitude than ignorance. A third of remote workers (34%)/27% said that they don’t give much thought to whether the apps they use are sanctioned by IT or not, because they just want the job done. And 29%/25% spoke about “getting away” with using a non-work application as the solutions provided by their company are rubbish.
With infosecurity understanding there, but employee attitudes towards it varying wildly, how can organisations encourage better behaviour from their remote workers? Particularly as a return to work is pushed further and further back…
Dr Linda K. Kaye, Cyberpsychology Academic at Edge Hill University said, “There are a great number of individual differences across the workforce.
“This can include individual employee’s values, accountability within their organisation, as well as aspects of their personality, all of which are important factors which drive people’s behaviours.
“To develop more effective cybersecurity training and practices, more attention should be paid to these factors. This, in turn, can help organisations adopt more tailored or bespoke cybersecurity training with their employees, which may be more effective.”
Bharat Mistry, Principal Security Strategist at Trend Micro said, “In today’s interconnected world, unashamedly ignoring cybersecurity guidance is no longer a viable option for employees.
“So it’s encouraging to see that so many take the advice from their corporate IT team seriously. Having said that, there are individuals who are either blissfully ignorant or worse still who think cybersecurity is not applicable them and will regularly flouter the rules.
“Hence having a one size fits all security awareness programme is a non-starter as diligent employees often end up being penalised. A tailored training programme designed to cater for employees may be more effective.”