More than half of workers in Singapore have their company’s cybersecurity policies in mind whilst working remotely amidst the COVID-19 pandemic, but several still break the rules anyway. Some 38% admit to connecting to public Wi-Fi networks without using their corporate VPN (virtual private network) application, while 37% have uploaded corporate data on to non-work applications.
Some 59% of employees working remotely in the country said they were “more conscious” of their organisation’s security policies when Singapore adopted strict safe distancing rules during its “circuit breaker” period. However, many still broke the rules anyway due to limited understanding or resource constraints, according to a Trend Micro survey, which polled 502 respondents in Singapore. The study was part of a global report to assess remote workers’ treatment of corporate cybersecurity and IT policies.
The Singapore findings revealed that 89% of remote workers said they took instructions from their IT team seriously and 87% recognised their role in keeping their organisation secure. Another 71% were aware using non-work applications on a corporate device posed a security risk.
Such awareness, however, failed to materialise into actual behaviour. For instance, 39% said they often or always accessed corporate data using a non-work device. Another 16% were likely to click on a link offering free services, such as extra cloud storage and speedier internet connectivity, even when these were from unknown email addresses.
Some 52% admitted to downloading or using non-work applications on a corporate device, including 35% who did so without prior permission from their IT team. And 37% of Singapore respondents had uploaded corporate data to non-work applications.
Trend Micro warned that cybercriminals were looking to exploit such practices to breach enterprises. Phishing attacks, for instance, remained a hot tool amongst malicious hackers, with the number of such attacks in Singapore climbing from 16,100 in 2018 to 47,500 last year. These stats were from a recent report by Cyber Security Agency of Singapore, which revealed that cybercrime accounted for 26.8% of all crimes in the nation last year.
Trend Micro’s Southeast Asia and India vice president, Nilesh Jain, said: “It is encouraging to see a majority of Singaporean employees recognising their role as the human firewall of their company. To close the cyber risk gap, especially caused by people who are either unaware of security policies or even those who think they are above the rules, organisations should not only provide training but take an opportunity to add guardrails and controls while understanding the users’ needs.
“Using a combination of both in a positive and easy-to-use fashion will hopefully encourage behavioural change and understanding,” Jain said.
Citing Edge Hill University’s cyberpsychology academic Linda K. Kaye, the report noted that there were significant individual differences across the workforce. “This can include individual employee’s values, accountability within their organisation, as well as aspects of their personalit — all of which are important factors that drive people’s behaviours,” Kaye said. “To develop more effective cybersecurity training and practices, more attention should be paid to these factors. This, in turn, can help organisations adopt more tailored or bespoke cybersecurity training with their employees, which may be more effective.”