One global study points to a 40% risk among the distributed workforce surveyed.
As the lines between work and home life increasingly blur due to remote-working and similar arrangements, smart home devices and their apps represent a major weak link in the corporate cybersecurity chain, according to cybersecurity firm Trend Micro.
In a survey of more than 13,000 remote workers across 27 countries to find out more about the habits of distributed workforces during the pandemic, 39% of workers polled used personal devices to access corporate data, often via services and applications hosted in the cloud.
These personal smartphones, tablets and laptops may be less secure than corporate equivalents and are exposed to vulnerable IoT apps and gadgets on the home network. Over one third (36%) of respondents did not have basic password protection on all personal devices, for example.
According to cyberpychology expert Dr Linda K Kaye: “The fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this. Tailored cybersecurity training which recognizes the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues.”
More than half (52%) of global remote workers in the survey had IoT devices connected to their home network, 10% using lesser-known brands. Many such devices—especially from smaller brands—have well-documented weaknesses such as unpatched firmware vulnerabilities and insecure login settings. These could theoretically allow attackers to gain a foothold in the home network, then use unprotected personal devices as a stepping-stone into the corporate networks they are connected to.
There is an additional risk to enterprise networks if malware infections picked up at home are physically brought into the office via unsecured personal devices at organizations with bring-your-own-device (BYOD) practices.
The research also revealed that 70% of global remote workers in the study connected corporate laptops to the home network. Although these machines are likely to be better protected than personal devices, there is still a risk to corporate data and systems if users are allowed to install unapproved applications on these devices to access home IoT devices.
Said Tony Lee, Head of Consulting, Trend Micro Hong Kong and Macau: “IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities. They could actually be making hackers’ lives easier by opening backdoors that could compromise corporate networks. This threat is amplified as the age of mass remote-work blurs the lines between private and company devices, putting both personal and business data (at risk). Now more than ever, it is important that individuals take responsibility for their cybersecurity and that organizations continue to educate their employees on best practices.”
Playing it safe
Trend Micro recommends that employers ensure their remote workers comply with existing corporate security policies, or, if needed, companies should refine these rules to recognize the threat from BYOD practices and IoT devices and applications.
As a cybersecurity solutions provider, Trend Micro recommends that companies reappraise the security solutions they offer to employees to secure home networks accessing corporate information. Shifting to a cloud-based security model can alleviate many remote working risks in a highly-cost-efficient and effective manner, according to their spokespeople.