Nearly four in five employees (71%) store sensitive work passwords on their personal phones, and 66% use a personal texting app for work.
The data comes from SlashNext’s latest Bring Your Own Device (BYOD) Security Report, which also suggests that 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps. increase.
SlashNext CEO Patrick Harr said of the findings:
“In 2022, we found that the use of personal devices and personal apps was the direct cause of many high-profile corporate breaches. This trend is sure to continue, as it is often the case, effectively doubling the attack surface for cybercriminals.”
For more information on attacks targeting mobile devices, see: Record Number of Mobile Phishing Attacks in 2022
According to Harr, this is because attackers know that personal mobile devices have fewer security controls than corporate mobile devices.
SlashNext’s report also highlights a similar trend, with a majority (89%) of IT and security leaders acknowledging legal concerns about employee access to personal data.
According to about 4 out of 5 (81%) employers, the solution to most of the above problems is to provide employees with a separate phone for work.
“Security awareness training is a great starting point for protecting your employees and your business. However, your organization should build on it, especially for your unique circumstances.
The executive added that organizations using IoT devices should pay special attention to keeping them on separate networks and keeping their firmware up to date with the latest security fixes.
“Organizations of all sizes should have processes in addition to training to test or audit employees to ensure security training can be implemented in the actions employees perform,” Broomhead added. rice field.
For more on employee training, see this analysis by SolarWinds’ Chrystal Taylor.
