A cybersecurity provider SlashNext has released a report that delves into the security implications of employees' use of personal apps and devices, revealing that a whopping 43% of employees have fallen victim to work-related phishing attacks.
The report sheds light on the potential risks posed by the use of personal devices for work purposes, highlighting the need for organizations to address this growing cybersecurity challenge.
The report, based on a survey of 300 individuals including security professionals and employees from organizations with over 1,000 workers in North America, highlights the challenges employers face in balancing security and employee privacy with the popularity of Bring Your Own Device (BYOD) policies.
BYOD (bring your own device) refers to a corporate IT policy that allows employees, contractors, and authorized users to use their personal laptops, smartphones, and other devices on the company network for work purposes. It emerged with the rise of iOS and Android smartphones in the late 2000s, accelerated by remote work and hybrid work arrangements, and further driven by the COVID-19 pandemic and supply chain disruptions.
According to the data given by SlashNext's survey, in the era of BYOD, the most common work-related tasks performed on personal devices are:
66% use personal texting apps for work
59% use personal messaging apps for work
57% use work email for personal reasons
Additionally, as per the data, 85% of employers mandate the installation of work-related apps on employees' personal devices.
The survey shows how BYOD can pose security threats:
71% store work passwords on personal devices, risking compromise.
43% experienced phishing attacks on personal devices.
95% of security professionals are concerned about phishing attacks via private messaging apps.
CEO of Viakoo, Bud Broomhead, warns that BYOD blurs personal and work devices, making it easier for cybercriminals to target enterprise systems. Avoiding the use of personal passwords at work can reduce risks.
What could be the possible solution to mitigate the risks?
BYOD programs raise security concerns for IT due to potential vulnerabilities, expanded attack surface, and risky user behavior. Company-issued devices allow for direct monitoring and management, but personal devices lack the same control. That's why companies should give separate devices for work to curve security risks.