Study Finds Enterprise Security Risks as Managers Share Devices
Security experts are alarmed as this harmful habit puts companies at risk.
Note: TDWI’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.
The latest research by NordVPN shows that people working in senior positions are more willing to share their devices with colleagues. In fact, management (from supervisor to director) is five times more likely to share their work gear than their employees. With insider threats responsible for 60 percent of data breaches, this poses a huge risk to corporate data.
“Managers are the most sharing when it comes to gadgets. They also have access to the most valuable information (like customer leads, agreements, and contracts). At the same time, a lot of employees lack cybersecurity knowledge, which puts sharable devices and the data they may store at risk,” Daniel Markuson, a digital privacy expert at NordVPN stated.
Why Do Managers Share Their Devices?
The increased sharing by management could be due to the need to share information quickly with their teams or even because they often rely on assistants and other supporting staff to sort out practical issues. So, it might make sense to temporarily hand someone your device to show them something or ask them to do a quick task.
On the other hand, it could also be due to management having greater access to devices or access to better devices. It’s not surprising that the most sharing positions in our surveys appear to be HR managers in the U.S. and CTOs in the UK, which makes sense given these roles’ specific focus on working with people or technology, respectively.
Sharing Device Means Putting Data at Risk
Eighty-seven percent of those in the most senior positions pay attention to protecting files on their personal devices, with full disk encryption being a popular option providing protection if the whole device is lost or stolen. However, research also showed that almost 40 percent of junior employees do not encrypt their files in any way or use weak encryption methods (such as renaming files and folders). This indicates a lack of cybersecurity knowledge in junior positions.
“Managers have to be aware of the risks their company faces when they permit other people to use their device, especially in the working environment, where the data is extremely sensitive. It is not only about what colleagues may see but also about what they do on your device, what links they click, and which websites they visit,” Daniel Markuson states.
The lack of awareness and irresponsible online activity while using shared devices can result in company data leaks and cyberattacks. This happens to multiple organizations every year, including some of the biggest ones, such as Twitter in July of 2020, when hackers gained access to 130 private and corporate Twitter accounts with at least a million followers each. According to Twitter, the breach happened because of an insider threat.
How to Protect Corporate Data
“I would highly recommend not to share devices among employees. Every employee should be responsible for his or her device. In case a device is shared, it is much harder to identify the insider threat that caused the cybersecurity problem,” Markuson notes.
In addition, the expert recommends having clear cybersecurity policies and training personnel to follow them. Companies should also regularly monitor the use of computer equipment and systems to check employee’s digital literacy.
Creating sophisticated passwords and updating the software and tools regularly is essential. To keep files on employee’s devices safe, companies should periodically back up data and encrypt important information using effective tools, regardless of whether those devices are shared or not.
The digital privacy expert also recommends getting a complete set of cybersecurity tools, including a business VPN. Businesses need agile and cost-effective security solutions to prevent unauthorized access to valuable corporate data.
For details, visit nordvpn.com.