More than four fifths (82%) of remote workers in the UAE say they are more conscious of their organisation’s cybersecurity policies since lockdown began in March.
But many are breaking the rules anyway due to limited understanding or resource constraints, says a survey by Trend Micro Incorporated, a global leader in cybersecurity solutions.
The UAE has since seen lockdown regulations ease as organisations return to work with new physical distancing and hygiene precautions.
Trend Micro’s Head in the Clouds study is distilled from interviews with 13,200 remote workers across 27 countries, including 502 remote working knowledge workers in the UAE, on their attitudes towards corporate cybersecurity and IT policies.
It reveals that there has never been a better time for companies to take advantage of heightened employee cybersecurity awareness. The survey reveals that the approach businesses take to training is critical to ensure secure practices are being followed.
The results indicate a high level of security awareness in the UAE, with 88% of respondents claiming they take instructions from their IT team seriously, and 85% agree that cybersecurity within their organisation is partly their responsibility. Additionally, 79% acknowledge that using non-work applications on a corporate device is a security risk.
However, just because most people understand the risks does not mean they stick to the rules.
For example 58% of employees admit to using a non-work application on a corporate device, although 38% had asked permission from IT to do so. 39% of them have actually uploaded corporate data to that application.
And 40% of respondents confess to using their work laptop for personal browsing, and only 49% of them fully restrict the sites they visit.
36% of respondents say they often or always access corporate data from a personal device – almost certainly breaking corporate security policy and 6% of respondents admit to watching / accessing inappropriate material on their work laptop, and 8% access the dark web.
Productivity still wins out over protection for many users in the UAE. A third of respondents (38%) agree that they do not give much thought to whether the apps they use are sanctioned by IT or not, as they just want the job done.
Additionally, 37% think they can get away with using a non-work application, as the solutions provided by their company are ‘nonsense.’
Trend Micro’s Head in the Clouds study looks into the psychology of people’s behaviour in terms of cybersecurity, including their attitudes towards risk. It presents several common information security “personas” with the aim of helping organisations tailor their cybersecurity strategy in the right way for the right employee, including employees who take a conscientious, fearful, ignorant, or ‘daredevil’ approach to cybersecurity.
“The high degree of cybersecurity awareness in the UAE as demonstrated by the survey results is not surprising given the country’s pioneering approach to delivering online services through a ‘smart cities’ strategy – this has resulted in a highly mature and aware market,” said Majd Sinan, Country Manager UAE at Trend Micro. “In the UAE, cybersecurity training should evolve not only to take different personas into account, but also the new normal of remote working.”
“In today’s interconnected world, unashamedly ignoring cybersecurity guidance is no longer a viable option for employees in the UAE,” Majd Sinan added.
“It’s encouraging to see that so many take the advice from their corporate IT team seriously. Having said that, there are individuals who are either blissfully ignorant or worse still who think cybersecurity is not applicable them and will regularly flout the rules. Hence having a ‘one size fits all’ security awareness programme is a non-starter. A tailored training programme that reflects the UAE’s technologically-advanced and mature approach, and that is designed to cater for multicultural employees, will likely be the most effective one.”