A study by Trend Micro shows that 45 percent of employees access company data with personal devices. Working from home and the Internet of Things are changing the way business data is handled and its security.
Trend Micro, one of the world's leading providers of IT security, today publishes survey results on working from home. These show that smart home devices and their apps can represent a major weak point in corporate cybersecurity. As the lines between work and personal life become increasingly blurred, companies should revise their security policies to better protect business data. Among other things, the survey showed that 45 percent of the German respondents also access company data from private devices.
For the Trend Micro Head in the Clouds study, more than 13.000 remote employees in 27 countries worldwide (504 of them in Germany) were surveyed to find out more about the habits of home office workers during the pandemic.
Head in the Clouds study on the handling of company data
It turned out that 45 percent of the surveyed employees in Germany (39 percent worldwide) use private devices to access company data. This is often done through services and applications that are hosted in the cloud. However, the personal smartphones, tablets and laptops used are often less secure than corresponding company devices and are also exposed to potentially vulnerable IoT applications and gadgets (Internet of Things) in the home network. For example, over half of the respondents (52 percent in Germany, 36 percent worldwide) do not even have basic password protection on all personal devices.
Dr. Cyber Psychology Expert Linda K. Kaye explains, “The fact that so many employees use personal devices to access corporate data and services indicates a lack of awareness of the security risks involved. To remedy this and reduce the risks, I recommend companies offer specially tailored cybersecurity training. In these, the diversity of users and their different levels of knowledge and attitudes towards IT security should be taken into account. "
Use of private home networks harbors IoT dangers
Key findings from Trend Micro's Head in the Clouds study.
More than half (68 percent in Germany, 52 percent worldwide) of remote workers have connected IoT devices to their home network. 7 percent (10 percent worldwide) use less well-known brands of devices. Many such devices - especially from smaller, largely unknown manufacturers - have widely documented security gaps, such as unpatched firmware vulnerabilities and insecure logins. These can allow attackers to gain a foothold in the home network and compromise unprotected private devices connected to it. For professional use, these devices can then serve as entry points into the company networks.
After the lockdown has been lifted, there is a further risk for company networks: When returning to the office, malware infections that occur in the home office can be brought into the company via unsecured personal BYOD devices (“Bring Your Own Device”).
65 percent of remote employees working in Germany use company notebooks
The study also found that 65 percent of remote employees working in Germany (70 percent worldwide) connect company laptops to their home network. Although these devices are typically better protected than private ones, they still pose a risk to corporate data and systems. This is especially the case when users are allowed to install unapproved applications on these devices in order to access or control private IoT devices in the home network.
"Although the IoT has also provided simple devices with computing power and connectivity functions, they do not necessarily have sufficient security measures," says Richard Werner, Business Consultant at Trend Micro. “By opening back doors on these devices, it becomes easier for cyber criminals to compromise corporate networks. The threat is intensifying as the boundaries between personal and business devices become increasingly blurred in today's world of mass remote working. This puts both personal and business data in the line of fire of attackers. More than ever, it is important that everyone is actively involved in maintaining cybersecurity and that companies continue to train their employees on how to behave correctly. "
Company security guidelines must be followed
Trend Micro recommends employers ensure that their remote workers adhere to the company's existing security policies. If necessary, companies should refine these rules to take into account the potential threats posed by BYOD and IoT devices and applications. Companies should also reassess the security solutions they use to protect employees who access company data via home networks. Switching to a cloud-based security model can reduce many risks in the home office in a cost-efficient and effective way.
More on this at Trendmicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.