Cybersecurity Risk Behaviors Persist Despite Improved Employee Awareness

Due to the pandemic lockdown, the number of work from home employees has dramatically increased. As restrictions are being lifted, this shift to telecommuting is seemingly here to stay. Many companies are planning to let employees continue to work from home in some fashion, permanently or on a shift basis.

Now is a good time to review and renew security practices related to remote working. In particular, focus on security protocols related to remote employee home environment and tools; and an employee’s cybersecurity awareness training and risk behaviours. Unfortunately, the weakest link to a business’s security chain is often its employees.

According to a new study from Trend Micro, though many employees have become more cyber-aware during the lockdown, poor security habits persist.

In a poll of 13,000+ remote workers, across 27 countries, it was found:

  • 56% admit to using a non-work app on a corporate device,
  • 66% have uploaded corporate data to it,
  • 39% “often” or “always” access corporate data from a personal device,
  • 29% feel they can get away with using a non-work app, as IT-back solutions are “nonsense”.

It appears that many employees, though aware of cybersecurity best practices, are choosing not to follow them in their home environments.

Part two of the study found 4 camps of employees based on their cybersecurity behaviours:

  1. Fearful. These employees are anxious their actions could put themselves or the organization at risk and are not always aware of the risks or how to manage them.
  2. Conscientious employees are the exemplary ones versed in cybersecurity risks, proactive in avoiding and managing risks.
  3. Ignorant users show a distinct lack of cybersecurity awareness.
  4. Daredevil employees challenge cybersecurity practices. They understand the risks but purposely ignore the best practices, believing that the security responsibility lies elsewhere with the organization.

A one-size-fits-all security training won’t resonate with all the personas. Tailored cybersecurity training to address the different personalities is recommended. Some employees may require mentoring. Gamification is another method to present security information. Others may need incentives and rewards for good behaviour. A personalized approach to each of the persona groups will help to improve security awareness and decrease risk behaviours.


PC Corp Managed Services offers employee cybersecurity training. Have a chat with our Managed Services team for more information. Ask us anything at

Small Business