Allowing employees to use their personal devices for work purposes has become a common practice in many organizations. However, a new report from SlashNext reveals that this practice comes with significant risks, as 71 percent of employees store sensitive work data on their personal devices.
The report also found that 43 percent of employees have been targeted by work-related phishing attacks on their personal devices. While 90 percent of security leaders say that protecting employees’ personal devices is a top priority, only 63 percent say they have the tools to do so adequately.
“With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information,” says Patrick Harr, CEO of SlashNext. “In 2022 we saw that the use of personal devices and personal apps were the direct cause of many high-profile corporate breaches. This is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals. Threat actors know there are fewer security controls on personal mobile devices, and they have increased efforts to compromise these devices and access valuable corporate data.”
The report also found that 71 percent of employees store sensitive work passwords on their personal phone, and 66 percent use their personal texting apps for work. On the employer side, 95 percent of security leaders say that phishing attacks via private messaging apps are an increasing concern.
To address these concerns, employers need to ensure they have the necessary tools for securing corporate data while maintaining employee privacy on personal devices. However, this can be a tricky balance, as employees want to protect sensitive company information on their devices, but not at the cost of their privacy.
The report suggests that employers should consider giving employees a separate phone just for work, but this effectively doubles the attack surface for threat actors. Interestingly, more employees are worried about being the target of a corporate phishing attack than about employer surveillance on their personal devices.
While the practice of allowing employees to use their personal devices for work purposes has become common, it comes with significant risks. Employers need to ensure they have the necessary tools for securing corporate data while maintaining employee privacy on personal devices.