Unwitting insider threats are becoming an increasingly common part of the attack chain for general consumers. Even the smallest of data leaks can lead to huge ramifications further up the business chain and poor cybersecurity at home could prove to a weak link for many.
This is one of the findings from a new Cisco survey that polled consumers across Europe and Middle East regions on device security.
Using personal devices for work
With the advent of hybrid work and against a backdrop of intensified cyber threat, the research was conducted with the aim of understanding attitudes to cybersecurity in the home. The results reveal the huge number of people who frequently use their personal device for work tasks such as sending emails (58%), make work calls (48%) and share documents (42%). Only 10% have never chatted about work task on their personal device or worked on a business document.
Of over 8 000 respondents, 90% have two or more connected devices and 84% share at least one connected device with someone else in the house. Amid a global surge in cybercrime at all levels, respondents do appear concerned about the threat of attack, with 57% admitting they’re worried about their personal devices being hacked.
However, despite concerns and the number of connected devices shared in the home, one in six respondents have never changed their WiFi password and for one in five it’s been a year or more.
Risk is not only a factor at home, as so many people now work in public spaces or check-in on work tasks on the move. The always-on mentality of so many means people are risking shortcuts to connectivity. 76% of respondents admit to having used public WiFi networks, such as bars, airports and restaurants, for work tasks.
“On a public Wi-Fi network, you don’t know who else is sharing the connection, what their motivations are, or how much effort the owner of the network has put into securing it,” says Martin Lee, EMEA lead at Talos, Cisco’s threat intelligence and research organization. “Using your phone’s hotspot feature (with a strong password) will be more secure than using a public network, using a VPN will always be more secure than not using a VPN.”
Misunderstanding security measures
Username and passwords have never been a particularly effective technique for keeping unwanted individuals from accessing systems. Adding multi-factor authentication (MFA) to accounts is a very simple method for adding a strong extra layer of protection to system access.
Put simply, a trusted passwordless application uses the login process as an enforcement point, considering the context and conditions of the request including device health. Security teams establishing these controls are getting ahead of multi-factor phishing and biometric spoofing.
However, 37% do not use or do not know what MFA is. As nearly every smartphone now has a fingerprint or facial scanner, consumers are choosing to use biometrics instead of passcodes to unlock and login to applications on their personal devices. Organizations have an opportunity to leverage this technology, which is already in employees’ pockets, to drive adoption of strong MFA at work. This is also known as passwordless authentication.
Inconsistent education opportunities
A major challenge in closing the gaps in cybersecurity is educating millions of people at a consistent level. When asked where they seek advice about online and device security behavior, the answers were stacked predominantly towards asking friends and family (39%) or just using common sense (35%).
This approach was fairly consistent across age categories, although the use of social media as a reference spiked among younger generations. Thirty-five percent of those between 16-34 use it compared to much lower levels from older respondents. General media, providers of apps and state authorities were ranked very low on the list of reference points – all below 25%.