Work-assigned mobile devices are increasing cyber security risks for organisations

Laptops, phones and tablets are more and more common inside the workplace and out, allowing employees to present information easily, or work outside of the workplace. Company directors are also aware that it’s very common for employees to use such devices for other things like watching videos, reading news, entertainment purposes and accessing social media.

Whether these devices are used for professional or personal use, one thing remains the same: “an enterprise’s security is only as strong as its weakest link”.

These devices can often be the weakest link…

As more work-assigned and personal devices are allowed access to organisation networks for remote working, there may be a higher risk of data breaches as cyber-security is taken outside the realms of originations’ offices.

When company devices are used for accessing news articles, games, online shopping and accessing social media, employees may be exposing their employer’s server to risks. If a device is compromised, and the device has access to company servers, there is an obvious risk.

Research has shown the dangers…

According to a cyber-security report conducted by Wandera, 59% of all leaks through company devices are a result of visiting sites from three popular sectors: news and sports; business and industry services; and online retail stores.

Apps in this sector may be collecting data that users aren’t aware about, or the app may not be secure and if the app isn’t secure, then the device may not be secure.

For a lot of apps, users are required to input email addresses, usernames and passwords. Users may also be asked to provide online banking details to make online purchases through retailers. If a hacker gains access to a device, they could easily obtain all this information.

The risks are often greater than people realise

Many of us are guilty for using the same login credentials for multiple accounts, and this may include work accounts. Sometimes organisations use third-party apps and tools for extra functions the organisation may not have the resources for. This could be on online HR or IT service or an online database. Unlike full bank details, which can be used to directly steal money from bank accounts, login details pose an understated danger in being utilised to access even more information. Perhaps an employee uses the same login details for their online sports news subscription as their company’s online client database for payday loans. There is the link, and the weaknesses can be exposed across them all.

Corporate mobility is a great step forward for our ever-advancing technological society that often digitalises everything; but we can’t forget the age-old warning: “with great power, comes great responsibility“. Employees hold the power to access company databases and communicate externally, and they need to be aware of the responsibility they hold in ensuring and upholding company protocols in cyber-security.

Employees are not the only ones who need to be vigilant. After all, mistakes are easily made.

Company executives need to invest resources to prevent simple errors from creating a devastating and costly crisis. ITProPortal suggests that the most practical steps to take would be to “routinely monitor the data that flows to and from each individual device, identify potential security gaps and dynamically respond through policy actions”.

Cyber-security requires a collective combination of efforts, ranging from installing technical security measures to general staff vigilance.

77 million user account details hacked from popular education platform Edmodo

Unprotected database containing 10 million U.S. vehicle owners’ personal details leaked