Young adults and parents of young children could be inviting cyber-threats by using work devices for risky personal tasks, according to new research from HP Inc.
The computing giant commissioned two separate global surveys of 8443 adults and 1100 IT decision makers, to compile its Blurred Lines & Blindspots report, which details the threat from the distributed workforce.
It found most (71%) employees are accessing more company data more frequently from home than they did pre-pandemic, with over three-quarters (76%) admitting that working-from-home (WFH) has blurred the lines between their personal and professional lives.
Certain types of home worker appear to be more likely to engage in risky behavior using work devices.
While a third (33%) of respondents are now downloading more to their devices from the internet, the figure rises to 60% for those aged 18-24-years-old. This age group is also more likely (60%) to watch online streaming services, versus the average (36%).
In addition, over two-fifths (43%) of parents of children aged 5-16-years-old admitted to using work devices to play more games today than pre-pandemic. The figure overall is just 27%.
Over half (57%) of this group are also likely to use their work device for homework and online learning, versus an average of 40%.
This matters because threat actors are increasingly looking to target these behaviors, according to separate research by analyst KuppingerCole, cited by HP.
It revealed a 54% increase in malicious actors exploiting gaming platforms between January and April 2020, and found at least 700 phishing websites spoofing streaming services in a single seven-day period in April.
The research also revealed a significant number of home workers are using potentially insecure personal devices for work — to access corporate applications (37%) and networks/servers (32%).
Over half (51%) of IT decision makers have seen evidence of compromised personal PCs being used to access company and customer data over the past year, said Ian Pratt, global head of security for HP’s personal systems division.
He argued that ideally all endpoints should be patched and up-to-date, with anti-malware and endpoint detection agents (EDR), and vulnerability assessment tools running on them to provide IT with visibility.
“However, most organizations can’t enforce an assessment of the security posture of a device before it connects to the network, so it relies on the user to make judgements. Even with policies in place, malware is very adept at evading detection,” he told Infosecurity.
“Devices on the corporate network have the benefit of defences in the corporate network, but are still very much at risk. Attackers know that the easiest way into the enterprise is by targeting the user and tricking them into clicking something to expose their machine to an attack. These attacks are even more likely to be successful if a work device is being shared by others at home.”
The report itself was launched to promote a new set of secure-by-design HP PCs and printers, hardware-enforced endpoint security software and endpoint security services, known collectively as HP Wolf Security.
However, Pratt had further best practice advice for IT security leaders without the budget to spend on a new range of security products and services.
“When enabling remote access for business-critical apps, organizations should enable multi-factor authentication, particularly with authenticator mobile phone apps or other hardware tokens,” he said.
“Overall, users should be advised not to store high value credentials in the browser and to be wary of the risks of sharing work devices with others — this type of behavior, while often innocent, is risky for the business and broadens the attack surface for hackers to exploit.”