Trend Micro study: Working from home and the Internet of Things are changing the way business data is handled and its security. […]
Trend Micro today released survey results on working from home. These show that smart home devices and their apps can represent a major weak point in corporate cybersecurity. As the lines between work and personal life become increasingly blurred, companies should revise their security policies to better protect business data. Among other things, the survey showed that 26 percent of Austrian respondents also access company data from private devices.
For Trend Micro’s Head in the Clouds study, over 13,000 remote employees in 27 countries worldwide (521 of them in Austria) were surveyed to find out more about the habits of home office workers during the pandemic.
It turned out that 26 percent of the employees surveyed in Austria (39 percent worldwide) use private devices to access company data. This is often done through services and applications that are hosted in the cloud. However, the personal smartphones, tablets and laptops used are often less secure than corresponding company devices and are also exposed to potentially vulnerable IoT applications and gadgets (Internet of Things) in the home network. For example, a third of those surveyed (33 percent in Austria, 36 percent worldwide) do not even have basic password protection on all personal devices.
Dr. Cyber Psychology Expert Linda K. Kaye explains, “The fact that so many employees use personal devices to access corporate data and services indicates a lack of awareness of the security risks involved. In order to remedy this and reduce the risks, I recommend companies offer specially tailored cybersecurity training. This should take into account the diversity of users and their different levels of knowledge and attitudes towards IT security. “
More than half (81 percent in Austria, 52 percent worldwide) of remote workers have connected IoT devices to their home network. 6 percent (10 percent worldwide) use less well-known brands of devices. Many such devices – especially from smaller, largely unknown manufacturers – have widely documented security gaps, such as unpatched firmware vulnerabilities and insecure logins. These can enable attackers to gain a foothold in the home network and to compromise unprotected private devices connected to it. For professional use, these devices can then serve as an entry point into the corporate networks.
After the lockdown has been lifted, there is a further risk for company networks: When returning to the office, malware infections that occur in the home office can be brought into the company via unsecured personal BYOD devices (“Bring Your Own Device”).
The study also found that 64 percent of remote employees working in Austria (70 percent worldwide) connect company laptops to their home network. Although these devices are typically better protected than private ones, they still pose a risk to corporate data and systems. This is especially the case when users are allowed to install unapproved applications on these devices in order to access or control private IoT devices in the home network.
“Although the IoT has also provided simple devices with computing power and connectivity functions, they do not necessarily have sufficient security measures,” says Richard Werner, Business Consultant at Trend Micro. “By opening back doors on these devices, it makes it easier for cyber criminals to compromise corporate networks. The threat is increasing as the boundaries between personal and business devices become increasingly blurred in today’s world of mass remote working. This puts both personal and business data in the line of fire of attackers. More than ever, it is important that everyone is actively involved in maintaining cybersecurity and that companies continue to train their employees on how to behave correctly. “