As the adoption of mobile phones, tablets and laptops continues to grow at the workplace, so has the opportunity for new cyber security risks. According to a survey conducted by IT security firm Kaspersky Lab in conjunction with B2B International, around half of the consumers surveyed also use their mobile devices for work. However, only one in 10 is seriously concerned about keeping work information safe should cybercriminals gain access to their device. Kaspersky Lab also conducted another survey to find out which cyberthreats internet users are aware of and which they fear the most. It turns out that theft of online accounts is the biggest concern for users. But more on it later, first a look at the BYOD phenomenon and related security threats.
One way or another, many employees of large and medium-sized companies use personal mobile devices for work. 36% of respondents store work files on them, and 34% keep work-related email messages. Sometimes, more confidential information can also be found on users’ devices, such as passwords to corporate email accounts (18%), networks or VPNs (11%). Such information represents a valuable prize for cybercriminals hunting for corporate secrets, points out the Kaspersky Lab survey.
Despite these risks, a bring-your-own-device (BYOD) business model offers many benefits to organisations, even those enterprises that have a great deal of confidential information. For example, easy access to corporate communications and applications alongside personal data and activities means that employees can see and manage tasks faster and more effectively. However, to keep the business and any proprietary data secure, the integration of BYOD into the IT infrastructure must be implemented responsibly by employers. Kaspersky Lab’s specialists have several recommendations that should be borne in mind when connecting employees’ personal devices to corporate IT networks:
* BYOD integration should be regarded as a specific project; this is especially true for large businesses. Every last detail of the integration process should be designed beforehand; and this should ideally include an infrastructure audit, a design stage and a pilot implementation
* To effectively protect mobile devices, it is important to use a comprehensive solution that ensures security across the entire corporate network, not one that focuses only on
* Managing mobile devices in a large business requires additional skills over and above those demanded by routine system administration. It is worth ensuring there are appropriately qualified IT security specialists on the team.
These can provide centralised management for all mobile devices within the corporate network, ensure that all mobile applications are installed, removed and/or updated via dedicated corporate portals, and regulate data access levels and employee privileges
* Most importantly, the business needs to develop robust scenarios for how to remove personal devices from the corporate network if they are lost or stolen, or if an employee leaves the company.
“By successfully creating and managing a BYOD network, businesses can simplify their IT operations while providing greater flexibility for employees. However, BYOD can potentially create security gaps if not managed effectively,” said Kirill Slavin, general manager at Kaspersky Lab.
Meanwhile, the other Kaspersky Lab survey finds online account theft the most feared cyberthreat among users.
Hacking of accounts and malware designed to steal passwords and confidential information were cited as the biggest concerns, with approximately the same number worried about these two threats (both 68%). Financial threats came third, with 63% concerned about possibly losing money from an account, followed by phishing emails and websites in fourth place.
Threats designed to steal credentials were also among those that users are most familiar with—86% of respondents are aware of account hacking, phishing and malware that intercepts passwords. This shows that the best known and most worrying online threat for users is the theft of their digital identity. One alarming result highlighted by the survey is the fact that 28% of users are ignorant of the ransomware threat. This is at a time when new malicious programs that encrypt files on computers and demand payment for a decryption key are emerging more and more frequently.
“People are concerned about the safety of their online accounts, although in reality few of them think they will be targeted by a cyberattack. And that’s where they’re wrong! Attackers often rely on the element of surprise, when users least expect it,” said Elena Kharchenko, head of consumer product management at Kaspersky Lab.