A large proportion of employees are using their own devices to access data belonging to their company, according to a new study by Trend Micro.
Researchers found that 39% of workers use personal smartphones, tablets, and laptops to access corporate data, often via services and applications hosted in the cloud.
The Head in the Clouds study, which surveyed more than 13,000 remote workers globally, found that many of the personal devices used to access company data were not as secure as their corporate equivalents.
A further finding of the study was that more than half (52%) of global remote workers have IoT devices connected to their home network, with 10% using lesser-known brands.
Since home networks typically offer security protection that is inferior to that which a business can afford to implement, researchers expressed concern that attackers could access home networks, then use unprotected personal devices as a stepping stone into the corporate networks they’re connected to.
Getting access to personal devices may not present much of a challenge to threat actors, given that over one-third (36%) of remote workers surveyed did not have basic password protection on all personal devices.
"The fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this," commented cyberpsychology expert Dr. Linda K. Kaye.
"Tailored cybersecurity training which recognizes the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues."
The research also revealed that 70% of global remote workers connect corporate laptops to the home network, opening up the possibility for malware infections to be brought from the home into the office.
“IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities,” said Bharat Mistry, principal security strategist at Trend Micro.
“This threat is amplified as an age of mass remote work blurs the lines between private and company devices, putting both personal and business data in the firing line."