A recent survey by Armis, a security specialist, has highlighted that employees are “clueless” about cybersecurity.
This is alarming on multiple levels. The first is that the frequency, cost and consequences of cybersecurity attacks have only risen this past year.
The UK has seen a shocking 31% rise in cyber crime over the pandemic. Half of UK businesses have been hit by a ransomware attack this past year, with 13% of those affected paying up. And the cost of ransomware attacks has more than doubled in 2021, with the cost of recovery being close to £12 million.
The risk of this happening to you, or to any business owner here in the UK, is very real.
It is a risk that is heavily increased by the fact that employees are now coming back into the office with their home devices.
Armis found that 71% of workers plan to bring their work-from-home devices back into the office, with 54% not thinking there is any risk associated with doing so.
In fact, there is a whole host of risks. It’s such a concern that the National Cyber Security Centre has a whole page that extensively highlights the risks of BYOD (Bring Your Own Device).
BYOD makes it easier for companies to suffer from deliberate data loss, accidental data loss, malicious exfiltration of data and malicious exploitation of devices due to weak security.
There’s also the risk of employees using out-of-date devices, which could lead to the exploitation of existing security vulnerabilities. Furthermore, the broader personal context of using a home computer may mean users share devices or passwords with others.
There is also the fact that there is typically less corporate oversight of home devices, meaning there is a higher likelihood of malware or entry into devices remaining undetected.
This is not to say that BYOD should be entirely written off due to its security risks. It minimises overheads for procurement and provisioning of devices, not to mention it lets employees use devices they are already familiar with.
However, what is critical for companies now, as more employees bring their home devices in, is to develop a BYOD policy.
Armis’s study indicated that more than a quarter of organisations have no policies in place outlining the appropriate use of personal devices for business. These organisations are facing a huge risk.
A BYOD policy that establishes standards, boundaries and requirements for the use of home devices should be a requirement for every organisation post-pandemic.
Requiring multi-factor authentication, having policies relating to employee access, and having specific standards for the forms of hardware allowed are all critical.
Most importantly, employers must make an effort to teach their employees about cybersecurity and protecting their devices, for the benefit of their entire organisation.
With the study highlighting that 20% of those surveyed had no idea about the recent Colonial Pipeline cyber attack, there is clearly a gap in knowledge that needs to be addressed. By investing in the awareness of your employees, not only will your business face reduced security risks, but your employees will also be better equipped to alert you to the signs of an attack.
That will make your business significantly safer in the face of rising cyber attacks.