42% Indian workers access corporate data on personal devices

As the lines between work and home life get increasingly blurred, 42 per cent of workers in India are using personal devices to access corporate data, often via services and applications hosted in the Cloud, a new report warned on Thursday.

These personal smartphones, tablets and laptops may be less secure than corporate equivalents and exposed to vulnerable Internet of Things (IoT) apps and gadgets on the home network, according to the cloud security firm Trend Micro’s ‘Head in the Clouds’ report.

Over one third (37 per cent) of remote workers surveyed do not have basic password protection on all personal devices.

“The fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this,” said Dr Linda K. Kaye, a cyberpsychology expert.

More than half (57 per cent) of Indian remote workers have IoT devices connected to their home network, 12 per cent using lesser-known brands.

Many such devices — especially from smaller brands — have well-documented weaknesses such as unpatched firmware vulnerabilities and insecure logins.

“There’s an additional risk to enterprise networks post-lockdown if malware infections picked up at home are physically brought into the office via unsecured personal devices at organizations with bring-your-own-device (BYOD) practices,” the findings showed.

The research also revealed that 81 per cent of remote workers in India connect corporate laptops to the home network.

Although these machines are likely to be better protected than personal devices, there is still a risk to corporate data and systems if users are allowed to install unapproved applications on these devices to access home IoT devices.

“IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities,” said Nilesh Jain, Vice President, Southeast Asia and India, Trend Micro.

They could actually be making hackers’ lives easier by opening backdoors that could compromise corporate networks.

“This threat is amplified as an age of mass remote work blurs the lines between private and company devices, putting both personal and business data in the firing line,” he added.

Employers must ensure the remote workers are compliant with existing corporate security policies, or, if needed, companies should refine these rules to recognise the threat from BYOD practice and IoT devices and applications.

“Tailored cybersecurity training which recognises the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues”, Kaye said.

The global survey had responses from 13,000 remote workers across 27 countries to find out more about the habits of distributed workforces during the pandemic.