KUALA LUMPUR (Oct 3): A majority of Malaysians connect corporate laptops to their home network, according to a recent survey by Tokyo-headquartered American-Japanese multinational cybersecurity software company Trend Micro Inc.

Trend Micro’s "Head in the Clouds" study surveyed more than 13,000 remote workers across 27 countries, including more than 500 in Malaysia, to find out more about the habits of distributed workforces during the ongoing Covid-19 pandemic.

The study found that 77% of Malaysian respondents connect corporate laptops to their home network.

Trend Micro said although these machines are likely to be better protected than personal devices, there is still a risk to corporate data and systems if users are allowed to install unapproved applications on these devices to access home Internet of Things (IoT) devices.

Additionally, it said about 35% of its Malaysian respondents had uploaded corporate data to a non-work application in the past.

Cyberpsychology expert Dr Linda K Kaye said the fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness of the security risks associated with this.

“Tailored cybersecurity training which recognises the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may be derived from these issues,” she said.

Kaye said more than half (52%) of global remote workers had IoT devices connected to their home network, 10% using lesser-known brands, the study revealed.

She said many such devices — especially those of smaller brands — had well-documented weaknesses, such as unpatched firmware vulnerabilities and insecure logins.

“These could theoretically allow attackers to gain a foothold in the home network, then use unprotected personal devices as a stepping stone into the corporate networks being connected to,” she said.

Meanwhile, Goh Chee Hoh, the managing director of Trend Micro Malaysia and Nascent Countries said the IoT had empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities.

“They could actually be making hackers’ lives easier by opening back doors that could compromise corporate networks. This threat is amplified as an age of mass remote work blurs the lines between private and company devices, putting both personal and business data in the firing line.

“Now more than ever, it is important that individuals take responsibility for their cybersecurity and that organisations continue to educate their employees on the best practices,” said Goh.

Trend Micro recommended that employers ensure their remote workers are compliant with existing corporate security policies or, if needed, companies should refine these rules to recognise threats from bring-your-own-device (BYOD) practices and IoT devices and applications.

It said companies should also reappraise the security solutions they offer to employees using their own home network to access corporate information.

The firm said shifting to a cloud-based security model can alleviate many remote working risks in a highly cost-efficient and effective manner.