Employees breaking cyber rules despite awareness
Employees have become more conscious of cybersecurity since making the transition to remote work, but are continuing to break the ‘rules’ due to limited understanding and resource constraints, research by Trend Micro has found.
Nearly three-quarters of the 13200 employees surveyed globally said they had become more aware of their company’s cyber policies during COVID-19 lockdown.
Despite this, more than half admit to using a non-work application on a corporate device, with 66% uploading corporate data onto that application. Around 8% of respondents confess to watching pornography and 7% say they use the dark web on their work laptop.
The research suggests that the onus is on IT leaders to better communicate the risks, with 85% of respondents claiming they take instructions from their IT team seriously.
“In today’s interconnected world, unashamedly ignoring cybersecurity guidance is no longer a viable option for employees,” said Bharat Mistry, Principal Security Strategist, Trend Micro.
“It’s encouraging to see that so many take the advice from their corporate IT team seriously. Having said that, there are individuals who are either blissfully ignorant or worse still who think cybersecurity is not applicable them and will regularly flout the rules.
“Hence, having a one-size-fits-all security awareness program is a non-starter as diligent employees often end up being penalised.
“A tailored training program designed to cater for employees may be more effective.”
Dr Linda K Kaye, Cyberpsychology Academic at Edge Hill University, agreed and said behavioural psychology principles should always be considered in enacting a cybersecurity policy.
“There are a great number of individual differences across the workforce. This can include employee values, accountability within their organisation, as well as aspects of their personality — all of which are important factors which drive people’s behaviours,” said Dr Kaye.
“To develop more effective cybersecurity training and practices, more attention should be paid to these factors. This, in turn, can help organisations adopt more tailored or bespoke cybersecurity training with their employees, which may be more effective.”
Claroty said it has found and reported critical vulnerabilities in three popular VPN products...
Most security professionals lack the tools to detect known security threats and close known...
The new company, CyAmast, is based on software developed by Dr Hassan Habibi and his research...