Trend Micro Study Finds 39% of Employees Access Corporate Data on Personal Devices
Trend Micro Incorporated has released some pretty interesting survey results that show smart home devices and their apps represent a major weak link in the corporate cybersecurity chain as the lines between work and home life increasingly blur.
Trend Micro’s Head in the Clouds study surveyed more than 13,000 remote workers across 27 countries, including more than 500 in Malaysia to find out more about the habits of distributed workforces during the ongoing pandemic. It revealed that 39% of workers use personal devices to access corporate data, often via services and applications hosted in the cloud.
These personal smartphones, tablets and laptops may be less secure than corporate equivalents and exposed to vulnerable IoT apps and gadgets on the home network. Over one third (36%) of remote workers
surveyed do not have basic password protection on all personal devices, for example.
According to Dr Linda K. Kaye, a foremost cyberpsychology expert, the fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this.
She added that tailored cybersecurity training which recognises the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues.
More than half (52%) of global remote workers have IoT devices connected to their home network, 10% using lesser-known brands, the study revealed. Many such devices – especially from smaller brands – have well-documented weaknesses such as unpatched firmware vulnerabilities and insecure logins. These could theoretically allow attackers to gain a foothold in the home network, then use unprotected personal devices as a stepping-stone into the corporate networks they’re connected to.
There’s an additional risk to enterprise networks post-lockdown if malware infections picked up at home are physically brought into the office via unsecured personal devices at organisations with bring-your-own-device (BYOD) practices.
The research also revealed that 77% of Malaysian respondents connect corporate laptops to the home network. Although these machines are likely to be better protected than personal devices, there is still a risk to corporate data and systems if users are allowed to install unapproved applications on these devices to access home IoT devices. Additionally, about 35% Malaysian respondents have uploaded corporate data to a non-work application in the past.
Trend Micro recommends employers ensure their remote workers are compliant with existing corporate security policies, or, if needed, companies should refine these rules to recognise the threat from BYOD practice and IoT devices and applications.
Companies should also reappraise the security solutions they offer to employees using home networks to access corporate information. Shifting to a cloud-based security model can alleviate many remote working risks in a highly cost-efficient and effective manner.