Remote workers in Singapore aware of security rules, but still break them anyway

15-Jul-2020 Intellasia | Zdnet | 6:02 AM Print This Post

Some S59 percent of Singapore workers say they have their company’s cybersecurity policies in mind whilst working remotely amidst the global pandemic, but 52 percent admit to using non-work applications on a corporate device and 38 percent connect to public Wi-Fi networks without using the corporate VPN.

More than half of workers in Singapore have their company’s cybersecurity policies in mind whilst working remotely amidst the COVID-19 pandemic, but several still break the rules anyway. Some 38 percent admit to connecting to public Wi-Fi networks without using their corporate VPN (virtual private network) application, while 37 percent have uploaded corporate data on to non-work applications.

Some 59 percent of employees working remotely in the country said they were “more conscious” of their organisation’s security policies when Singapore adopted strict safe distancing rules during its “circuit breaker” period. However, many still broke the rules anyway due to limited understanding or resource constraints, according to a Trend Micro survey, which polled 502 respondents in Singapore. The study was part of a global report to assess remote workers’ treatment of corporate cybersecurity and IT policies.

The Singapore findings revealed that 89 percent of remote workers said they took instructions from their IT team seriously and 87 percent recognised their role in keeping their organisation secure. Another 71 percent were aware using non-work applications on a corporate device posed a security risk.

Such awareness, however, failed to materialise into actual behaviour. For instance, 39 percent said they often or always accessed corporate data using a non-work device. Another 16 percent were likely to click on a link offering free services, such as extra cloud storage and speedier internet connectivity, even when these were from unknown email addresses.

Some 52 percent admitted to downloading or using non-work applications on a corporate device, including 35 percent who did so without prior permission from their IT team. And 37 percent of Singapore respondents had uploaded corporate data to non-work applications.

Trend Micro warned that cybercriminals were looking to exploit such practices to breach enterprises. Phishing attacks, for instance, remained a hot tool amongst malicious hackers, with the number of such attacks in Singapore climbing from 16,100 in 2018 to 47,500 last year. These stats were from a recent report by Cyber Security Agency of Singapore, which revealed that cybercrime accounted for 26.8 percent of all crimes in the nation last year.

Trend Micro’s Southeast Asia and India vice president, Nilesh Jain, said: “It is encouraging to see a majority of Singaporean employees recognising their role as the human firewall of their company. To close the cyber risk gap, especially caused by people who are either unaware of security policies or even those who think they are above the rules, organisations should not only provide training but take an opportunity to add guardrails and controls while understanding the users’ needs.

“Using a combination of both in a positive and easy-to-use fashion will hopefully encourage behavioural change and understanding,” Jain said.

Citing Edge Hill University’s cyberpsychology academic Linda K. Kaye, the report noted that there were significant individual differences across the workforce. “This can include individual employee’s values, accountability within their organisation, as well as aspects of their personalitall of which are important factors that drive people’s behaviours,” Kaye said. “To develop more effective cybersecurity training and practices, more attention should be paid to these factors. This, in turn, can help organisations adopt more tailored or bespoke cybersecurity training with their employees, which may be more effective.”


Category: Singapore

Print This Post