According to Trend Micro, its Head in the Clouds study found that these personal smartphones, tablets and laptops may be less secure than corporate equivalents and exposed to vulnerable IoT apps and gadgets on the home network.
And the study reveals that close to half (41%) of remote workers in Australia surveyed don’t have basic password protection on all personal devices, for example.
Trend Micro surveyed more than 13,000 remote workers across 27 countries - including Australia - to find out more about the habits of distributed workforces during the COVID-19 pandemic.
Trend Micro cites Dr Linda K. Kaye, a cyberpsychology expert, saying that, "The fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this.”
“Tailored cybersecurity training which recognises the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues," Dr Kaye said.
The Trend Micro study revealed that almost half (49%) of Australian remote workers have IoT devices connected to their home network, 8% using lesser-known brands, and many such devices (especially from smaller brands) have well-documented weaknesses such as unpatched firmware vulnerabilities and insecure log-ins - and these could theoretically allow attackers to gain a foothold in the home network, then use unprotected personal devices as a stepping-stone into the corporate networks they’re connected to.
According to Trend Micro there’s an additional risk to enterprise networks post-lockdown if malware infections picked up at home are physically brought into the office via unsecured personal BYOD devices.
The study also revealed that 68% of Australian remote workers connect corporate laptops to the home network - and Trend Micro says that although these machines are likely to be better protected than personal devices, there is still a risk to corporate data and systems if users are allowed to install unapproved applications on these devices to access home IoT devices.
“IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities”, said Bharat Mistry, Principal Security Strategist at Trend Micro.
“They could actually be making hackers’ lives easier by opening backdoors via which they could compromise corporate networks. This threat is amplified as an age of mass remote working blurs the lines between private and company devices, putting both personal and business data in the firing line. Now more than ever, it is important that individuals take responsibility for their cybersecurity and that organisations continue to educate their employees on best practice.”
"As more BYOD are connected to the home network amidst the pandemic, it’s concerning that almost half of Australian remote workers have IoT devices connected to these networks; providing a direct route for cybercriminals to access corporate networks”, said Ashley Watkins, Managing Director, Commercial, Trend Micro ANZ.
“As remote working becomes the norm, organisations must enforce clear policies on acceptable device usage to combat threats caused by smart home networks and personal devices. Education and awareness training is also encouraged to ensure employees are across best practice security including identifying email threats, malicious files, and malicious URLs.”