2 in 5 remote workers access firm data on own devices

Image courtesy of Trend Micro

Corporate data policies may need to be refreshed with workforces remaining remote as a Trend Micro study found that 39% of employees access on personal devices corporate data, often via services and applications hosted in the cloud.

Trend Micro surveyed more than 13,000 remote workers across 27 countries to find out more about the habits of distributed workforces during the pandemic.

These personal smartphones, tablets and laptops that employees use may be less secure than corporate equivalents and exposed to vulnerable IoT apps and gadgets on the home network. 

Over one-third (36%) of remote workers surveyed do not have basic password protection on all personal devices, for example.

More than half (52%) of global remote workers have IoT devices connected to their home network, 10% using lesser-known brands, the study revealed.

Many such devices — especially from smaller brands — have well-documented weaknesses such as unpatched firmware vulnerabilities and insecure logins. These could theoretically allow attackers to gain a foothold in the home network, then use unprotected personal devices as a stepping-stone into the corporate networks they’re connected to.

The research also revealed that 70% of global remote workers connect corporate laptops to the home network. Although these machines are likely to be better protected than personal devices, there is still a risk to corporate data and systems if users are allowed to install unapproved applications on these devices to access home IoT devices.

“IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities,” said Tony Lee, Head of Consulting at Trend Micro Hong Kong and Macau. “This threat is amplified as an age of mass remote work blurs the lines between private and company devices, putting both personal and business data in the firing line.”

Trend Micro recommends employers ensure their remote workers are compliant with existing corporate security policies, or, if needed, companies should refine these rules to recognise the threat from BYOD practice and IoT devices and applications.

Companies should also reappraise the security solutions they offer to employees using home networks to access corporate information. Shifting to a cloud-based security model can alleviate many remote working risks in a highly cost-efficient and effective manner.