card

More than 70% of employees store work passwords on personal devices, so what’s the threat

20.04.2023
99

Data gotten from SlashNext’s latest mobile ‘bring your own device’ (BYOD) security report shows that roughly four out of five employees (71%) store sensitive work passwords on their personal phones. About 66% use their personal texting apps for work purposes. The finding shows why mobile phishing is on the rise now, as cybercriminals are aware of these security lapses. The trend is never stopping as employees often use corporate and personal devices for work, doubling the attack surface for cybercriminals.

Patrick Harr, SlashNext CEO, commenting on their findings, said: “With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information”. The reports stated that compromised employees’ devices and personal apps were one of the major direct causes of high-profile corporate data breaches in 2022. Threat actors know that weak or porous security control apps run on personal mobile devices than on corporate ones, thus unleashing sophisticated and subtle phishing attacks on corporate organisations' employees.

Another report, from cybersecurity firm Lookout, shows that the proportion of mobile users in corporate environments clicking on more than six malicious links per year will rise from 1.6% in 2020 to 11.8% in 2022, indicating that users are finding it harder to distinguish phishing messages from legitimate communications. This puts organisations at very high risk if one of their employees' phones is compromised.

To address this issue, 81% of employers agreed that providing employees with a separate, work-only phone would mitigate the risk they face. Executives added that organisations with IoT devices need to take extra care to keep them on separate networks and keep their firmware up to date with the latest security fixes.

Security awareness training for employees will be a good head start, equipping them with cybersecurity knowledge and how to spot phishing messages.