Nearly half the employees access corporate data on their personal devices. According to Trend Micro’s study titled “Head in the Clouds,” 42% of workers in India and 46% of workers in New Zealand use their personal devices to access company data often via services and applications hosted in the cloud. The study showed that home devices and their apps are representing a major weak link in the corporate cybersecurity chain as the lines between work and home life increasingly blur.
At a time when the workforce has been functioning remotely, and attacks against companies and employees with privileged access are on the rise, the trend of employees using personal smartphones, tablets, and laptops may be less secure compared to their corporate equivalents. There are also higher chances that their home network is exposed to vulnerable IoT apps and gadgets. The report also highlighted that more than a third of 13,000 remote workers surveyed did not have basic password protection on all personal devices.
The study also found that more than half of remote workers have IoT devices connected to their home network, where a sizable number of employees are using lesser-known brands. The problem with lesser-known brands is the vulnerability it poses like unpatched firmware vulnerabilities and insecure logins.
“IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities”, said Bharat Mistry, Principal Security Strategist at Trend Micro. “They could actually be making hackers’ lives easier by opening backdoors via which they could compromise corporate networks. This threat is amplified as an age of mass remote working blurs the lines between private and company devices, putting both personal and business data in the firing line. Now more than ever, it is important that individuals take responsibility for their cybersecurity and that organizations continue to educate their employees on best practice.”
A Cyberpsychological Issue
According to Dr. Linda K. Kaye, an expert in cyberpsychology, “The fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this. Tailored cybersecurity training which recognizes the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues.”