Workers flaunting cybersecurity rules during lockdown

Trend Micro believes risky employee behaviour is “more a case of attitude than ignorance.”

Posted 3 July 2020 by Christine Horton

Nearly three quarters (72 percent) of remote workers say they are more conscious of their organisation’s cybersecurity policies since the lockdown began.

That’s according to a new study from cybersecurity vendor, Trend Micro.

However, Trend Micro’s Head in the Clouds study indicates that although most people understand the risks, it doesn’t mean they stick to the rules. For example, 56 percent of employees admit to using a non-work application on a corporate device, and 66 percent of them have uploaded corporate data to that application.

Eighty percent of respondents say they use their work laptop for personal browsing, and only 36 percent of them fully restrict the sites they visit. Thirty-nine percent of respondents say they often or always access corporate data from a personal device – almost certainly breaking corporate security policy. Moreover, eight percent of respondents admit to watching / accessing porn on their work laptop, and seven percent access the dark web. 

Trend believes this shows these behaviours are “more a case of attitude than ignorance.” A third of respondents (34 percent) agree that they do not give much thought to whether the apps they use are sanctioned by IT or not, as they just want the job done. Additionally, 29 percent think they can get away with using a non-work application, as the solutions provided by their company are ‘nonsense.’ 

“In today’s interconnected world, unashamedly ignoring cybersecurity guidance is no longer a viable option for employees”, said Bharat Mistry, principal security strategist, Trend Micro.

“It’s encouraging to see that so many take the advice from their corporate IT team seriously. Having said that, there are individuals who are either blissfully ignorant or worse still who think cybersecurity is not applicable them and will regularly flouter the rules. Hence having a one size fits all security awareness programme is a non-starter as diligent employees often end up being penalised. A tailored training programme designed to cater for employees may be more effective.” 

Elsewhere, another survey shows a marked increase in the adoption of security tools during the COVID-19 pandemic.

The research by Exabeam shows 88 percent of recent firms said the accelerated move to the cloud was driven by the need to support a remote workforce.