IT leaders says that using personal devices when working remotely poses the biggest safety threat to organisations.
Remote working is a rising trend around the world. Many people use their personal devices for work purposes, from checking emails on a smartphone to accessing documents on the cloud via a personal laptop.
While this can be really convenient for team members, it also presents a source of anxiety for IT leaders.
Remote working complicates things for IT teams
According to a survey of 100 senior IT security professionals based in the UK carried out by Duo Security, remote working is a major issue. 58pc of respondents believe that network access from non-corporate and personally owned devices is the biggest problem when it comes to managing remote users.
Remote work is on the rise in general, with 75pc of respondents saying that their users now connect remotely to work apps at least 25pc of the time. Advisory CISO at Duo, Richard Archdeacon, said that enterprise mobility is one of the biggest security puzzles at present.
He said: “If you don’t know what’s connecting to the network, how can you protect data from being compromised? What’s clear from this survey is that decision-makers still don’t feel comfortable with the sea of devices entering the workplace.”
Nearly half (48pc) of security professionals ranked external suppliers and service providers as the most risky, compared to internal employee departments such as the C-suite, sales and field support.
Several high-profile data breaches in recent times have originated from third-party suppliers, supporting this data. According to Forrester’s 2017 Global Business Technographics Security Survey, 41pc of breaches in the past 12 months were incidents within the organisation, or involved business partners or third-party suppliers.
Phishing remains an issue
As well as remote working, the survey found that phishing attacks resulted in twice as many breaches as malware and unpatched systems combined (48pc v 41pc). Archdeacon added: “Outdated devices are particularly vulnerable to being compromised, which can easily spiral into a full-blown, major breach.
“Organisations don’t necessarily need to block individuals from using their personal devices, but they do need to reshape their security models to fit these evolving working practices.”
Operating on a basis of zero trust, whereby the user’s identity and device health are checked and verified every time they access an application, is a good strategy. This helps to minimise the security risks inherent in any bring-your-own-device culture.