Research shows how “social learning” impacts security skills – and it says a lot about securing remote workers.
Remote working is here to stay. And there are benefits. But when it comes to security, remote working poses a problem.
Remote workers know less about security than people based in offices.
Remote workers are less confident in their security skills.
And they’re less motivated to follow security policies.
In fact, CybSafe research shows 23% of people have used personal devices when working from home. 19% even delay video conferencing software updates. Why?
Sure, things like posters, desk-drops and security checks don’t boost remote worker security. But that’s only part of the story.
Because it turns out remote workers might be tough to secure…
Simply because they’re remote.
People learn from people
Remote workers work alone. And that’s a problem because people learn from other people.
We learn from what people say. And what people do. And remote workers – from their home offices, local Costas or 12:34pm trains from Swindon to Paddington – don’t get much of a chance to learn from other people.
So a few years back, security researchers looked into how isolation influences remote worker security.
The researchers measured people’s “vicarious experience” – ie, people’s observations of others.
They also measured the level of security feedback people received.
And they measured “situational support” – the extent to which people believed their environment aided security. (Because, according to social learning theory, mental states influence social learning.)
When the researchers crunched the numbers, it turned out their initial hunch was right.
The more we observe the security skills of others, the greater our security skills. The more verbal security feedback we receive, the greater our security skills. And the more we feel our environment aids security, the greater our security skills.
The research revealed a major barrier to remote worker security:
Remote workers work alone.
How to respond
The conclusion is pretty damning. But we need to accept it.
Remote working is both on the rise and here to stay. And we need to improve security despite the constraint.
That takes thought and creativity. But it can be done.