Workers using their own devices for utility work purposes “BYOD” (Bring Your Own Device) is very convenient and saves companies money, but unfortunately represents a potential danger for security.
Nearly half (43%) of employees have been targeted with work-related phishing attacks on their personal devices, says a survey from cybersecurity company SlashNext in a report released on March 30. The company surveyed 300 workers on the use of personal devices in work, how employers balance security and employee privacy with the popularity of BYOD, and the resulting gaps in cybersecurity. The respondents included employees and security professionals across organizations in North America.
This survey discovered that the use of personal devices for work has been increasing. One reason for this is convenience. As more people work remotely or are hybrid taskers, employees want to be able to do their jobs from anywhere and at any time, which often requires that they need to utilize their own PC or mobile device.
Another reason for BYOD is comfort. People are already familiar with their own devices and apps, which lessens the learning curve involved in using a different device issued by their company.
How Employees Use Personal Devices for Work
Amid the rise in BYOD, these are the three most common work-related tasks that people perform on their personal devices, according to SlashNext’s survey:
-
66% of the employees use their personal texting apps for work.
-
59% use their personal and private messaging apps for work.
-
57% sometimes use their work email for personal reasons.
The survey also revealed that 85% of employers require work-related apps to be installed on their employees’ personal devices.
How BYOD Can Lead to Security Issues
The serious risk factor is that this confusion of personal and work platforms and use can easily lead to security threats. Among those surveyed, the report found that 71% admitted that they store sensitive work passwords on their personal phone, which is a security weakness. 43% of those surveyed have been the target of a phishing attack on their personal device.
This is a serious concern for cybersecurity professionals. "With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information," said Patrick Harr, CEO, SlashNext. "In 2022 we saw that the use of personal devices and personal apps were the direct cause of many high-profile corporate breaches. This is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals. Threat actors know there are fewer security controls on personal mobile devices, and they have increased efforts to compromise these devices and access valuable corporate data."
How To Reduce this Vulnerability
IT and help desk staff need to be able to enforce company policies on peoples' personal devices. These also should be configured and updated to operate security best practices. There are legal and compliance issues involved in storing sensitive work data on personal devices, particularly when those devices are lost or stolen.
Among the security professionals surveyed, 90% said that protecting the personal devices of employees is a top priority. However, only 63% said that they have the right tools to accomplish this. In addition, 89% of them said that they have legal concerns about having access to the private data of employees. Improved training and policies to govern BYOD devices and work platforms might help.
Possible Solutions to These BYOD Security Dangers
In addition to security training, the company should be able to test or audit employees compliance with the procedures. IoT devices should be on separate networks and updated with the latest security fixes. This is an evolving situation where companies need to keep up with best practices with relation to BYOD devices and cybersecurity.