A study has revealed that remote workers often use company-issued devices for personal as well as professional matters. This could pose a risk to data security.
A 2020 study from cybersecurity provider Mimecast has revealed that many remote workers are using their company laptops for personal reasons as well. This trend has raised the issue of cybersecurity and whether or not these devices are more vulnerable to being hacked.
We are in the midst of a remote work revolution, with many employees using company-issued laptops at home and depending on their own internet solutions to stay connected with colleagues and clients.
The study shows that 74% of its respondents admitted to using their company laptops for activities that have nothing to do with their job. Sixty-six percent of respondents explained that they used these devices for personal emailing, while 51% said they did personal shopping on their devices. It was noted by Duane Nicol, a cybersecurity specialist at Mimecast, that a lot of workers don’t have their own laptops, and therefore rely on their company devices for personal as well as professional reasons.
Nicol also notes how this trend is likely to be more prominent among younger people. According to him, 79% of worldwide respondents in the age range of 16 to 24 admitted to following the same trend, while only 42% who did so were aged over 55. He explained that, because they’re working from home, people are becoming more reliant on their own connectivity solutions and are using their devices for personal use on a more regular basis.
There are risks associated with this, as Nicol points out. He notes two problems, the first being that home networks are inherently less secure than office networks. The second is that when people start returning to the workplace, they aren’t automatically going to stop doing what has become natural for them. As a result, this could mean that security teams will have to implement policies in order to prevent possible cyberattacks.
The shift to remote work has seen the development of an unfortunate trend whereby cyber criminals focus their efforts on people who have become isolated by the lockdown. They take advantage of poorly secured home networks, inadequate password management, and a lack of awareness around the protection of important data. There are more opportunities for cyber criminals to strike when laptops are being used on home networks than when they’re being used on more secure office networks.
The study also showed that over 33% of South African respondents were installing software for their own personal use, which is a risky move given that this software may jeopardise the security of the data stored on their devices. Nicol explained that this highlighted “the importance of implementing some basic policies around device usage.” He said that “restricting the privileges that staff have on their work machines severely limits the potential for malicious software being installed.”
It’s not only company policy that will help users behave more cautiously when it comes to company-owned laptops. Cybersecurity security awareness training is also important. Though he laments the fact that education in this regard tends to fall on deaf ears, Nicol does state, “we see that the combination of training and innovative education strategies empowers users to make better decisions around their personal cyber security.”
There are some important actions that Nicol recommends to IT teams in order to reduce the risk of cyberthreats. He notes how companies need to make cybersecurity an integral part of their culture and provide comprehensible information surrounding IT security to employees. There’s also the matter of companies evaluating what technologies they have and establishing where improvements can be made.
He further recommends that companies should assume their employees are going to use their laptops for some personal use, and then create a cybersecurity strategy based on this assumption. Instead of trying to stop it, companies should find ways lessening its risks. It is indeed important for organisations to adapt to changing work behaviours. With remote work becoming so prevalent, it’s wise for a company to rethink its approach to data security.