Relaxed home cybersecurity could render consumers accidental ‘inside actors’

Issue 2/3 2023 Editor's Choice, Information Security, Smart Home Automation

A new survey from Cisco of general consumers across Europe and Middle East regions reveals interesting trends on device security. Unwitting insider threats are becoming an increasingly common part of the attack chain. Even the smallest of data leaks can lead to huge ramifications further up the business chain and poor cybersecurity at home could prove to be a weak link for many.

Using personal devices for work

With the advent of hybrid work and against a backdrop of intensified cyber threats, the research was conducted with the aim of understanding attitudes to cybersecurity in the home. The results reveal the huge number of people who frequently use their personal device for work tasks such as sending emails (58%), make work calls (48%) and share documents (42%). Only 10% have never chatted about work tasks on their personal device, or worked on a business document.

Of over 8000 respondents, 90% have two or more connected devices and 84% share at least one connected device with someone else in the house. Amid a global surge in cybercrime at all levels, respondents do appear concerned about the threat of attack, with 57% admitting they’re worried about their personal devices being hacked. However, despite concerns and the number of connected devices shared in the home, 1 in 6 respondents have never changed their Wi-Fi password and for 1 in 5 it’s been a year or more.

Risk is not only a factor at home, as so many people now work in public spaces or check-in on work tasks on the move. The always-on mentality of so many means people are risking shortcuts to connectivity. 76% of respondents admit to having used public Wi-Fi networks, such as bars, airports and restaurants, for work tasks.

“On a public Wi-Fi network, you don’t know who else is sharing the connection, what their motivations are, or how much effort the owner of the network has put into securing it,” says Martin Lee, EMEA Lead at Talos, Cisco's threat intelligence and research organisation. “Using your phone’s hotspot feature (with a strong password) will be more secure than using a public network, using a VPN will always be more secure than not using a VPN.”

Misunderstanding security measures

Username and passwords have never been a particularly effective technique for keeping unwanted individuals from accessing systems. Adding multi-factor authentication (MFA) to accounts is a very simple method for adding a strong extra layer of protection to system access. Put simply, a trusted passwordless application uses the login process as an enforcement point, considering the context and conditions of the request including device health. Security teams establishing these controls are getting ahead of multi-factor phishing and biometric spoofing.

However, 37% do not use or do not know what MFA is. As nearly every smartphone now has a fingerprint or facial scanner, consumers are choosing to use biometrics instead of passcodes to unlock and login to applications on their personal devices. Organisations have an opportunity to leverage this technology, which is already in employees’ pockets, to drive adoption of strong MFA at work. This is also known as passwordless authentication.

Inconsistent education opportunities

A major challenge in closing the gaps in cybersecurity is educating millions of people at a consistent level. When asked where they seek advice about online and device security behaviour, the answers were stacked predominantly towards asking friends and family (39%) or just using common sense (35%). This approach was fairly consistent across age categories, although the use of social media as a reference spiked among younger generations; 35% of those between 16-34 use it compared to much lower levels from older respondents. General media, providers of apps and state authorities were ranked very low on the list of reference points – all below 25%.

Aligning business and consumer mindsets

The pandemic has accelerated hybrid and remote work. And with the line between work and home permanently blurred, the habits used for personal activity are increasingly applied to work ones.

Hybrid work is the future of work and robust strategy and investment around devices, protocols and security isn’t a nice to have – it’s critical. If ever it was time for organisations to get their house in order, it’s now.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Enhance control rooms with surveillance and intelligence
Leaderware Editor's Choice Surveillance Mining (Industry)
Dr Craig Donald advocates the use of intelligence and smart surveillance to assist control rooms in dealing with the challenges of the size and dispersed nature common in all mining environments.

A long career in mining security
Technews Publishing Editor's Choice Security Services & Risk Management Mining (Industry)
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

A constant armed struggle
Technews Publishing XtraVision Editor's Choice Integrated Solutions Mining (Industry) IoT & Automation
SMART Security Solutions asked a few people involved in servicing mines to join us for a virtual round table and give us their insights into mine security today. A podcast of the discussion will be released shortly-stay tuned.

Risk management: There's an app for that
Editor's Choice News & Events Security Services & Risk Management
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.

Integrated information platform for risk management
Editor's Choice News & Events Security Services & Risk Management
Online Intelligence recently launched version 7 of its CiiMS risk and security platform. Speaking to SMART Security Solutions after the launch event, the company’s Arnold van den Bout described the enhancements in version 7.

Unlocking Africa's AI potential
Editor's Choice News & Events AI & Data Analytics
Africa's AI market is set to grow exponentially; by investing in AI education, training, and ethical practices, African nations can harness the power of AI to transform the continent and create a brighter future for its people.

The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

Global Identity Fraud Report revealing eight-month ‘mega-attack’
Editor's Choice Security Services & Risk Management
AU10TIX recently released its Q4 Global Identity Fraud Report, with the research identifying two never-before-seen attack patterns, with the worst case involving 22 000+ AI-generated variations of a single U.S. passport.