Roughly four out of five employees (71%) store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work.
The data come from SlashNext’s latest mobile bring your own device (BYOD) security report, which also suggests 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps.
“With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information,” explained SlashNext CEO, Patrick Harr, commenting on the findings.
“In 2022, we saw that the use of personal devices and personal apps was the direct cause of many high-profile corporate breaches. This is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber-criminals.”
According to Harr, this is because threat actors know there are fewer security controls on personal mobile devices than on corporate ones.
The SlashNext report also highlights a mirrored trend with a majority (89%) of IT and security leaders acknowledging legal concerns about having access to employees’ private data.
According to roughly four out of five employers (81%), the solution to most of the issues above is providing employees a separate phone just for work.
“Security awareness training is a great starting point for helping protect employees and businesses; however, organizations should build upon it, especially for situations that are unique to them,” explained Viakoo CEO, Bud Broomhead.
The executive added that organizations with IoT devices must pay special attention to keeping them on separate networks and keeping their firmware up to date with the latest security fixes.
“In addition to training, organizations of all sizes should have a process to test or audit employees to make sure the security training can be carried through in the actions employees take,” Broomhead added.