Remote Workers Becoming More Security Conscious Although Bad Habits Persist

Remote workers have become significantly more cybersecurity conscious since the COVID-19 lockdown began, according to a new study from Trend Micro. It found that nearly three-quarters (72%) of remote workers are more aware of their organization’s cybersecurity policies, and 85% now take instructions from their IT team seriously.

Additionally, 81% agreed that workplace cybersecurity is partly their responsibility, whilst 64% acknowledged that it is a security risk to use non-work applications on a corporate device.

The findings, taken from interviews with 13,200 remote workers across 27 countries, suggest that employees are increasingly recognizing the additional cyber-threats to businesses brought about the sudden shift to mass home working during the pandemic.

Despite this however, the report indicated that bad cybersecurity habits remain highly prevalent amongst remote workers. Over half (56%) of respondents admitted to using a non-work application on a corporate device, and 66% have uploaded corporate data to that application. Personal browsing using work laptops was found to be undertaken by 80% of remote workers, with just 36% fully restricting the sites they use, whilst 39% said they often or always access corporate data from a personal device.

A small proportion even admitted to watching/accessing porn (8%) and accessing the dark web on their work laptop (7%).

These kinds of risky behaviors appear to stem from attitude rather than ignorance, with 34% stating that they do not give much thought as to whether the apps they use are sanctioned by their organizations’ IT team.

Bharat Mistry, principal security strategist at Trend Micro, said: “It’s encouraging to see that so many take the advice from their corporate IT team seriously. Having said that, there are individuals who are either blissfully ignorant or worse still who think cybersecurity is not applicable to them and will regularly flout the rules. Hence having a one size fits all security awareness program is a non-starter as diligent employees often end up being penalized. A tailored training program designed to cater for employees may be more effective.”

What’s Hot on Infosecurity Magazine?