LEAVING DEVICES EXPOSED

A new survey reveals a quarter (25%) of UK workers allow children to use their work device for home schooling, which has major security implications for their employers.

The YouGov survey of 2025 employees, commissioned by iomart.com, investigated the ongoing security risks faced by businesses following the shift to home working during the pandemic.

They and looked at key areas of concern like sharing of devices within households, password hygiene and how social media was accessed:

The survey found businesses are forgoing the usual levels of due diligence and security considerations, due to an immediate focus on remaining operational while working remotely.

Remote workers with children are allowing their family to use their work devices for online activities, including home schooling, homework and socialising with friends – including gaming.

But this leaves workers vulnerable to hacking, as a blurred line between professional and personal device use means businesses cannot ensure the use of key security elements, including managed network access, gateway firewalls and a secure cloud environment.

As well as using their work devices for personal use, employees were also identified as having poor password security, as almost three quarters (74%) of those surveyed stated they didn’t use different passwords for everything, despite security recommendations.

Neil Christie, Chief Operating Officer at iomart, urges businesses to prioritise device security and employee training as remote working looks set to continue past the pandemic:

“While it’s understandable that the lines have been blurred between personal and business use when it comes to work devices – due to home schooling, childcare and an increased need to stay social online – this has key security implications that need to be addressed.
This change in behaviour patterns, particularly in a busy home, makes the corporate environment more vulnerable to a security breach.
Consultation and guidance around security matters should now take precedence as remote working is going to play a much bigger part in the life of every business.
This includes addressing the highlighted risks that result from seemingly innocuous everyday behaviours in the home. As well as device sharing, these risks include using common passwords across multiple systems and lack of control over access to certain applications or social media.”

Cyber risks have come into sharper focus during the national lockdown, with many employees working from home and an increase in remote working set to continue after pandemic restrictions.

As a result, the need for heightened attention around device security and employee training remains a priority. Australia should also take note of these findings.

How many employees of businesses in Australia are doing the same?

In order to strengthen their at-home security, businesses require a comprehensive audit of their current working practices to identify any areas of vulnerability, and look to schedule frequent audits on a consistent basis to ensure risks are constantly monitored.

This is particularly important for organisations that handle a wide breadth of sensitive data.

THE NEED FOR CYBER SECURITY

Cybersecurity is important because it protects all categories of data from theft and damage.

Gone are the days of simple firewalls and antivirus software being your sole security measures. Business leaders can no longer leave information security to cybersecurity professionals.

This includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, governmental and industry information systems.

Without a cybersecurity program, your organisation cannot defend itself against data breach campaigns, making it an irresistible target for cybercriminals.

Both inherent risk and residual risk is increasing, driven by international connectivity and usage of cloud services, like Amazon Web Services, to store sensitive data and personal information.

Let’s not forget that Amazon were chosen by the Australian government to host ‘COVIDSafe’ data.

To this end, widespread poor configuration of cloud services — paired with increasingly sophisticated cyber criminals — means the risk that your organisation suffers from a successful cyber attack.

Cyber threats can come from any level of your organisation, including from your home.

Employers must educate your staff about simple social engineering scams like phishing, and more sophisticated cybersecurity attacks like ransomware attacks or other malware.

These are designed to steal intellectual property or personal data.

Cybersecurity is no longer something businesses of any size can ignore.

Security incidents regularly affect businesses of all sizes and often make the front page causing irreversible reputational damage to the companies involved.

If you are not yet keeping a close eye on cybersecurity, you should be.

The World Economic Forum are set to stage their ‘simulated international cyber attack’ next month.