When National Data Moves Home: Cyber Threat Risks During Civil Servants' WFH...

Since 10 April 2026, the government will officially implement a Work From Home (WFH) policy for Civil Servants (ASN) in both central and regional agencies. This strategic step is essentially taken to save national energy. It is a direct impact of the soaring global oil prices triggered by armed conflicts in the Middle East region. More than just saving fuel, the government actually has a secondary mission to encourage transformation in more efficient work patterns based on digital systems. Unfortunately, behind this good intention of efficiency, there is one crucial gap. The readiness of digital infrastructure, especially regarding vigilance against cyber security threats during WFH, apparently has not yet become the main focus of many government agencies. This is acknowledged by Bulan (55), not her real name, an ASN in one of the ministries in Jakarta. Her agency’s attention is currently focused more massively on monitoring the work process and output of employees working remotely. To ensure that civil servants continue to work, Bulan’s agency has a special monitoring application that is directly integrated with the personnel portal and attendance system. The procedure is quite strict; when doing tap-in attendance, each employee is required to fill in their daily work plan to match performance indicators (KPI). Then, before the end of working hours and employees do tap-out, they are required to upload evidence of the work results that have been completed that day. A similar experience is also felt by Bintang (30), not his real name, an ASN in a different ministry. Bintang stated that socialisation regarding data protection security during WFH has not been widely promoted in his agency. According to Bintang, the technical training provided by the office so far is limited to tutorials on how to use the Single Sign-On (SSO) system. This SSO system itself has actually started to be implemented since the Covid-19 pandemic era. Due to the lack of security guidelines, both Bulan and Bintang end up working with whatever “weapons” they have. Both admit to using personal devices and relying heavily on home internet connections while undergoing WFH. Bulan revealed that her office does not provide special security software at all. She only relies on the standard antivirus programme that is already installed on her work device. Nevertheless, Bulan feels quite calm because she considers the daily data she processes to be generally not very sensitive. For crucial matters, access is then equipped with additional security layers, such as the requirement to use two-factor authentication (2FA) and One Time Password (OTP).