Relaxed home cybersecurity could render consumers accidental ‘inside actors’

Issue 2/3 2023 Editor's Choice, Cyber Security, Smart Home Automation

A new survey from Cisco of general consumers across Europe and Middle East regions reveals interesting trends on device security. Unwitting insider threats are becoming an increasingly common part of the attack chain. Even the smallest of data leaks can lead to huge ramifications further up the business chain and poor cybersecurity at home could prove to be a weak link for many.

Using personal devices for work

With the advent of hybrid work and against a backdrop of intensified cyber threats, the research was conducted with the aim of understanding attitudes to cybersecurity in the home. The results reveal the huge number of people who frequently use their personal device for work tasks such as sending emails (58%), make work calls (48%) and share documents (42%). Only 10% have never chatted about work tasks on their personal device, or worked on a business document.

Of over 8000 respondents, 90% have two or more connected devices and 84% share at least one connected device with someone else in the house. Amid a global surge in cybercrime at all levels, respondents do appear concerned about the threat of attack, with 57% admitting they’re worried about their personal devices being hacked. However, despite concerns and the number of connected devices shared in the home, 1 in 6 respondents have never changed their Wi-Fi password and for 1 in 5 it’s been a year or more.

Risk is not only a factor at home, as so many people now work in public spaces or check-in on work tasks on the move. The always-on mentality of so many means people are risking shortcuts to connectivity. 76% of respondents admit to having used public Wi-Fi networks, such as bars, airports and restaurants, for work tasks.

“On a public Wi-Fi network, you don’t know who else is sharing the connection, what their motivations are, or how much effort the owner of the network has put into securing it,” says Martin Lee, EMEA Lead at Talos, Cisco's threat intelligence and research organisation. “Using your phone’s hotspot feature (with a strong password) will be more secure than using a public network, using a VPN will always be more secure than not using a VPN.”

Misunderstanding security measures

Username and passwords have never been a particularly effective technique for keeping unwanted individuals from accessing systems. Adding multi-factor authentication (MFA) to accounts is a very simple method for adding a strong extra layer of protection to system access. Put simply, a trusted passwordless application uses the login process as an enforcement point, considering the context and conditions of the request including device health. Security teams establishing these controls are getting ahead of multi-factor phishing and biometric spoofing.

However, 37% do not use or do not know what MFA is. As nearly every smartphone now has a fingerprint or facial scanner, consumers are choosing to use biometrics instead of passcodes to unlock and login to applications on their personal devices. Organisations have an opportunity to leverage this technology, which is already in employees’ pockets, to drive adoption of strong MFA at work. This is also known as passwordless authentication.

Inconsistent education opportunities

A major challenge in closing the gaps in cybersecurity is educating millions of people at a consistent level. When asked where they seek advice about online and device security behaviour, the answers were stacked predominantly towards asking friends and family (39%) or just using common sense (35%). This approach was fairly consistent across age categories, although the use of social media as a reference spiked among younger generations; 35% of those between 16-34 use it compared to much lower levels from older respondents. General media, providers of apps and state authorities were ranked very low on the list of reference points – all below 25%.

Aligning business and consumer mindsets

The pandemic has accelerated hybrid and remote work. And with the line between work and home permanently blurred, the habits used for personal activity are increasingly applied to work ones.

Hybrid work is the future of work and robust strategy and investment around devices, protocols and security isn’t a nice to have – it’s critical. If ever it was time for organisations to get their house in order, it’s now.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Accenture Technology Vision 2023
Editor's Choice News
New report states that generative AI is expected to usher in a ‘bold new future’ for business, merging physical and digital worlds, transforming the way people work and live.

Economists divided on global economic recovery
Editor's Choice News
Growth outlook has strengthened in all regions, but chief economists are divided on the likelihood of a global recession in 2023; experts are concerned about trade-off between managing inflation and maintaining financial stability, with 76% anticipating central banks to struggle to bring down inflation.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

SAFPS to launch a platform to combat fraud
Editor's Choice News Security Services & Risk Management
In response to the growing need for a proactive approach to fraud prevention, the SAFPS is developing a product called Yima, which will be a one-stop-shop for South Africans to report scams, secure their identity, and scan any website for vulnerabilities.

NEC XON appoints Armand Kruger as Head of Cybersecurity
News Cyber Security
NEC XON has announced the appointment of Armand Kruger as the Head of Cybersecurity. Kruger will oversee all cybersecurity offerings including cybersecurity strategy, programmes, and executive advisory.

Caesar Tonkin new head of cybersecurity business, Armata
News Cyber Security
Vivica Holdings has announced the appointment of cybersecurity expert Caesar Tonkin to head up its cybersecurity business Armata, which provides technology solutions and niche expertise needed to help businesses better protect themselves.

Surveillance-free surfing
News Cyber Security Products
Zoho has launched Ulaa, a privacy-centric browser built specifically to help users secure their personal data and activity by providing a browser solution that universally blocks tracking and website surveillance.

Troye and Arctic Wolf join forces
News Cyber Security Security Services & Risk Management
Troye has announced a strategic partnership with Arctic Wolf to enable Troye to provide customers with enhanced cybersecurity solutions and services that help protect their businesses from advanced cyber threats.