Implications of Remote Work and Bring Your Own Device (BYOD)
(Posted on Tuesday, November 19, 2024)
Did you know that, according to NIST, over 95% of organizations allowed the use of personal devices for work even before the pandemic?
And that mobile phishing attacks have risen by 161% in recent years? (Lookout)
Yet, despite these risks, a majority of companies still lack robust cybersecurity education and policies for remote work and BYOD practices.
Here’s the problem: unsecured devices can be a gateway for cyber threats, as most users are not educated on cyber-readiness protocols and lack the proper services and tools to proactively protect themselves 24/7.
For example, when I experienced my cyberattack, my personal iCloud was connected to both my work and personal devices. At the time, I wasn’t aware that my Keychain could be compromised—and that it could impact both my business and personal life.
Tough lesson to learn.
The rise of remote work has blurred the line between professional and personal device usage. Employees frequently access company systems on personal devices, often connecting through unsecured networks or using outdated software. And for most of us who travel consistently for work, bringing multiple devices can feel like a TSA checkpoint disaster.
So, what examples should we be aware of to help reduce exposure to cyber-related threats?
- Outdated Software: An employee uses their laptop to access the company’s CRM system (we’ve all done this). The laptop’s operating system hasn’t been updated in months, leaving it vulnerable to exploits that cybercriminals can use to breach the device and the corporate network.
- Unsecured Networks: An employee working from a coffee shop, airport, or hotel lobby connects to public Wi-Fi to check emails and access sensitive company documents. Without a VPN, this connection could be intercepted by hackers, exposing login credentials and confidential data.
- Device Sharing: A family member borrows an employee’s tablet, which is also used for work. They inadvertently download a malicious app, allowing attackers to gain access to sensitive work-related files stored on the device.
These common user behaviors can expose organizations—and the individuals themselves—to several risks:
- Unsecured Home Networks: Most home networks lack enterprise-level security, such as firewalls or intrusion detection systems, making them easy targets for attackers.
- Weak Wi-Fi Passwords: Employees often use weak or default passwords for their home Wi-Fi networks, allowing attackers to gain unauthorized access and intercept sensitive data.
- Unencrypted Data Transfers: Employees frequently transfer sensitive files between personal devices and work systems without encryption, leaving data vulnerable to interception during transit.
Cybercriminals thrive on these vulnerabilities, exploiting the weakest link to infiltrate sensitive systems.
Ignoring these threats could cost you everything. The stakes couldn’t be higher. Here’s why:
- Data Breaches: One compromised device can expose entire systems, leading to financial and reputational damage.
- Malware Infections: Personal devices infected with malware can quickly spread to corporate networks.
- Compliance Violations: Companies face fines and legal action if they fail to secure sensitive customer data.
For example, a single phishing attack on an employee’s device can act as a launchpad for hackers to access an organization’s sensitive systems. The result? Financial loss, operational disruption, and a tarnished reputation that may take years to recover.
For individuals navigating remote work and BYOD, here are three proactive measures you can implement:
- Set Up a Personal VPN: Use a reputable VPN service like NordVPN or ProtonVPN to encrypt your internet connection and protect sensitive information when working on public or home networks.
- Regularly Audit App Permissions: Review which apps on your device have access to sensitive data. Tools like Jumbo Privacy can help automate permission reviews and suggest changes to enhance privacy.
- Enable Mobile-Specific Security Apps: Install apps like Avast Mobile Security or Kaspersky Mobile Antivirus to actively scan your device for malware and phishing attempts.
The days of relying solely on firewalls and passwords are long gone. Remote work and BYOD practices require innovative, layered defenses.
Education and cyber-preparedness programs can also improve organizational and individual security best practices. All we need to do is implement and provide ongoing—and I’d argue mandatory—cyber training.
Stay Safe,
Chris