In the current security climate and with the complexities of a hybrid workforce, IT decision-makers still have a huge challenge when it comes to fully securing the workplace – and a new Cisco study has revealed some startling facts.
Cisco research reveals that among parents who share their devices used for work with children, 31% allow unsupervised access with full knowledge of passcodes. Even among those without access to passcodes, 49% remain unsupervised.
“Allowing unauthorised people, including children, to access confidential data can lead to serious data breaches,” says Ameera Cassoojee, cybersecurity specialist at Cisco. “For example, children might accidentally submit, change, or delete important information through an open browser or email. It’s common for families to share devices, but IT leaders can prevent problems by setting up good security measures, automatically logging out inactive sessions and understanding the needs of users.”
With 85% of working parents admitting to sharing a personal device used for work with a child in the past six months, IT teams need to factor in more than just standard security risks. They need to consider more broadly the issues that arise in chaotic real-world environments – and how substituting security for convenience continues to be a threat.
Among those sharing devices with children, the survey further shows low usage of effective security. Only 31% use multi-factor authentication for important work tasks, while 64% simply rely on “strong” passwords.
In a time where over two-thirds of connected household devices are shared among family members (75% vs 65% two years ago), it’s time to sharpen up on best practice and monitor activity across devices – managed or unmanaged, fixed or mobile – to make sure nothing falls through the cracks.
Cassoojee shares five tips to mitigate security risks of device sharing:
- Work with rather than against users. Allow users to create guest user accounts on devices to allow family members restricted use without access to business systems, but benefitting from corporate cyber protection. Permitting guest accounts is less than ideal, but it’s better than having unauthorised users with full access to a device.
- Implement multi-factor authentication (MFA) or two-factor authentication (2FA). When a user accesses a new application or system, verify that the user intended to perform the action through an MFA/2FA ping or biometric recognition. A simple additional verification step will almost certainly prevent curious children from accessing sensitive systems.
- Keep sensitive business data protected. Not all data has equal security requirements, so guard sensitive data with additional elements such as zero-trust network access (ZTNA), VPN, or multifactor authentication (MFA/2FA) so that it can only be accessed by the appropriate device user.
- Back-up, back-up, and back-up again. The family home environment is hazardous for fragile electronic devices. Spilled coffee, lemonade, or paint can easily disable a device – as can falls from heights on to a tiled kitchen floor. Ensuring that important data isn’t lost and that replacement devices can be easily restored from backed-up data is vital to keeping hybrid workers operational.
- Educate users about cybersecurity. Devious users have a nasty habit of finding ways to subvert security protections if they find that these protections get in the way of their goals. Make sure users are aware of the importance of cybersecurity, the consequences of getting it wrong, as well as common threats and attacks. Simple policies reinforced with sanctions for transgressions help users understand what is acceptable and what is not.