Oops! Is Your Personality Getting in the Way of Building a Secure Remote Work Environment?


Trend Micro reports that employees, despite being cognizant of looming cyberthreats, disregard established cybersecurity protocols at varying levels. The company believes this may have something to do with individual personalities.

A survey by Trend Micro has brought to light the employee behavior vis-a-vis cybersecurity. The two-part study surveyed 13,200 remote working employees from 27 countries to ascertain the implications of the sudden transition to a remote workOpens a new window environment.

Part 1: A Perspective from Numbers

Despite organizations ramping up employee cybersecurityOpens a new window awareness initiatives, employees’ bad practicesOpens a new window persist, making them more susceptible to cyberattacks.

Trend Micro found out:

  • 72% are more conscious of their organization’s cybersecurity policies
  • 85% claim they take IT instructions seriously
  • 81% agree that cybersecurity is partly their responsibility, and
  • Nearly two-thirds (64%) even admit that using non-work apps on a corporate device is a risk

Another aspect is related accessing corporate data from unauthorized devices:

  • More than half (56%) are still using non-work related application on a corporate device
  • 66% respondents have uploaded corporate data to it
  • 39% often or always access corporate data from a personal device

And here’s the kicker:

  • 29% feel they can get away with using a non-work app, as IT-backed solutions are “nonsense.”

So, why do employees, despite having greater awareness of cyber-threats invite risks?

Learn More: How to Manage Data, Cybersecurity, and Technical Infrastructure with Remote WorkforcesOpens a new window

Part 2: Psychological Analysis

The answer to the above question may have something to do with individual behaviour, personality, and reasoning. Dr Linda Kaye, Cyberpsychology Academic at Edge Hill University categorized cybersecurity behaviour into four profiles on behalf of Trend Micro.

Each profile or persona, namely fearful, conscientious, ignorant and daredevil; is associated with personal and individualistic connotations.

Fearful employees may benefit from training simulation tools like Trend Micro’s Phish Insight, with real-time feedback from security controls and mentoring.

Conscientious staff require very little training but can be used as exemplars of good behavior, and to team up with “buddies” from the other groups.

Ignorant users need gamification techniques and simulation exercises to keep them engaged in training, and may also require additional interventions to truly understand the consequences of risky behavior.

Daredevil employees are perhaps the most challenging because their wrongdoing is the result not of ignorance but a perceived superiority to others. Organisations may need to use award schemes to promote compliance, and, in extreme circumstances, step up data loss prevention and security controls to mitigate their risky behavior.

This signifies the need for a personalized approach to ensure employees do not disregard set cybersecurity policies. It can offer a way for managers and security teams to center in on modulating protocols with respect to each individual personality.

Let us know if you liked this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!

Learn More: Zero Trust Networks: Guide to Implementing Trusted Architecture in Remote Work EraOpens a new window