itb-au logo
Story image

One in five employees download commercially sensitive files onto personal devices

One in five (20%) employees has downloaded commercially sensitive or confidential company files on a personal device while working from home, according to a new study by PYB.

Of these respondents, 40% admitted that the devices either had no password protection or no up-to-date security installed.

"Out of all corporate cybersecurity loopholes, the most overlooked one is employees personal smartphones," says Daniel Markuson, digital privacy expert at NordVPN.

The reason employees use personal devices for work is that, according to data from 2018, only 39% percent of companies provided their employees with corporate smartphones. As a result, employees accessed back-end corporate infrastructure from the same devices they use for chatting, snapping, tiktoking, shopping, and browsing. 

"Employers simply lost control over their information," says Markuson.

He says corporations were highly unprepared for challenges brought about by remote work. During the lockdown, NordVPN Teams saw a 165% usage spike and an almost 600% increase in sales overall. Companies were acquiring basic cybersecurity tools at the last minute. As a result, cybersecurity incidents spiked by 2,000% between February and March this year.

Mobile security unquestionably an oxymoron

NordVPN says that compared to mobile, desktop devices are more helpful to cybersecurity-literate users in avoiding attacks via social media or email-based spear phishing and spoofing attacks that attempt to mimic legitimate webpages. 

But when it comes to a smartphone, the screen size and software specifics limit users ability to assess the quality of a websites SSL certificate.

GUI (graphical user interface) elements that call to action, such as download, accept, reply, and like buttons, make it easier to fall for fraud on mobile devices. What's more, it's impossible to hover over a hyperlink to see the address behind it. 

"That's why users dealing with emails on a mobile device are far more likely to fall victim to a phishing attack than those who use a desktop," says Markuson.

According to Verizon's 2019 data breach investigation report, the final nail is driven in by how people use mobile devices. 

"Users often interact with their mobile devices while walking, talking, driving, and doing all manner of other activities that interfere with their ability to pay careful attention to incoming information," NordVPN says.

Training, training, training

Markuson says no tool can prevent the human error of giving away a password or installing a malicious code despite the flashing notifications of cybersecurity tools. 

"That's why cybersecurity training should include the recognition of phishing attacks or malware on mobile," he says. 

"Additionally, employers should cover and encourage the use of mobile VPNs," Markuson says. 

"Leading VPN solutions offer consumers products comparable to enterprise-grade services to secure personal devices. Besides masking  users IP addresses, a VPN also makes it impossible to track or intercept online browsing. Enabled VPNs encrypt data, prevent malicious websites from opening, and partially serve as antivirus software."

Apart from a VPN, there are other security measures that should be taken to increase employees safety online, Markuson says.

"One such measure is a password manager, such as NordPass, which generates strong and unique passwords and keeps them in a secure vault. It also allows securely sharing passwords and notes among employees. 

"And, finally, file encryption services, like NordLocker, encrypt all types of files on a computer and in the cloud. Such tools let workers keep their work confidential and safely share it with their colleagues."

Markuson says employees are not the cause, they are also the victim. 

"Once hackers have access to corporate infrastructure, they can easily infect all connected devices with malware. The latest mobile operating systems, especially iOS, are designed to limit the ability to execute malicious code, but this doesn't prevent it from spreading like fire to the corporate infrastructure," he says.

Story image
Why remote IT operations teams need a virtualised network operations centre
The lack of tools available for remote IT operations teams means that they are left to view multiple IT monitoring tools on different systems. This means they no longer have a central location for viewing information, making information more difficult to track.More
Story image
How to use Employer of Record services to onboard staff around the world
The marketing solution, natively built within Microsoft Dynamics, helps solve the challenge presented by the bewildering array of complex and expensive marketing tools available to today’s marketing professionals by offering a single unified marketing, analytics and services platform.More
Story image
IBM appoints Martin Chee as general manager of ASEAN
Chee will oversee IBM’s business growth in the ASEAN region, and will be based in IBM ASEAN’s headquarters in Singapore.More
Story image
Data in the 21st century: Harness the power of a new age
Data is today’s greatest business opportunity -- and everyone seems to know it. More
Story image
Gartner details the five 'digital competencies' CFOs must wield in 2021
Advancing the emerging technologies of robotic process automation (RPA), advanced AI and more hinge on achieving these competencies, Gartner says.More
Story image
Kiwi company builds AI assistant with IBM Watson
Replikr, an IBM partner, is working with global quality assurance organisation Exemplar Global on Emma, a new AI that represents the first phase of scalable, personalised advice to Exemplar Global's user base. More