To compile its new Head in the Clouds study, the firm surveyed more than 13,000 remote workers across 27 countries to reveal that 39 percent of them use their personal devices to access corporate data. The personal smartphones, tablets and laptops used by employees are likely less secure than their corporate equivalents as well as exposed to vulnerable IoT apps and gadgets on a user’s home network.
Cyberpsychology expert Dr. Linda K. Kaye commented on the findings of Trend Micro’s latest study in a press release explaining that a lack of awareness may be why so many remote workers use personal devices to access corporate data, saying:
“The fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this. Tailored cybersecurity training which recognises the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues.”
Of the global remote workers surveyed in Trend Micro’s study, more than half (52%) have IoT devices connected to their home network with 10 percent using less-known brands.
Many of these devices, especially those from smaller brands, have well-documented weakness including unpatched firmware vulnerabilities and insecure logins. These weaknesses could allow attackers to gain a foothold on a user’s home network from which they could use these personal devices as a stepping-stone to the corporate networks they’re connected to.
At the same time, there is an additional risk to enterprise networks post-lockdown if malware infections picked up while working from home are physically brought into the office on personal devices at organizations with BYOD policies in place. Trend Micro’s research also revealed that 70 percent of global remote workers connect corporate laptops to their home networks.
Principal security strategist at Trend Micro, Bharat Mistry provided further insight on the threat smart home devices and apps pose to corporate networks, saying:
“IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities. They could actually be making hackers’ lives easier by opening backdoors that could compromise corporate networks. This threat is amplified as an age of mass remote work blurs the lines between private and company devices, putting both personal and business data in the firing line. Now more than ever, it is important that individuals take responsibility for their cybersecurity and that organisations continue to educate their employees on best practices.”