Cybersecurity Awareness Training Can Help Mitigate the Risk of Personal Use on Company-Issued Devices
Mimecast-sponsored research of more than 1,000 businesspeople with company-issued devices finds that 73% of employees regularly use their work device for personal activities.
Because the pandemic has moved workforces across the globe into home offices, there are more people working remotely on company-issued devices than ever before. According to IDC, PC shipments saw a 11.2% year-over-year growth in Q2 of 2020 with 72 million units shipped.
Without the possibility of superiors walking by in the workplace, employees are now freer than ever to use their company-issued devices for personal use. With this increased blurring of personal and professional life, it’s no surprise that 73% of survey respondents admitted to extensively using their work device for personal use — and 60% of respondents reported an increase in personal use since the pandemic hit.
We’re not talking about a quick social media check-in. Nearly half of respondents admitted that they engage in personal activities on a company-issued device for over four hours per day. Much of this time is spent on personal emails, financial transactions and online shopping.
Needless to say, the more employees explore unsanctioned websites and applications, the more likely they are to come across malicious links and other cybersecurity bad actors. So what can be done to keep your organization safe?
The numbers don’t lie: employees are using their company-issued devices for personal use en masse —and there’s nothing indicating they’ll stop any time soon. The outright banning of personal use is probably unrealistic. Instead, organizations should structure their security strategies keeping in mind the inevitability of personal use on corporate computers.
The survey findings also underscore the importance of an effective cybersecurity awareness training program. Sixty-four percent of employees reported receiving specialized work from home related cybersecurity awareness training from their employers. However, the countries that reported the most cybersecurity awareness training also reported the most clicking on suspicious emails. Why this inverse correlation between training and poor cybersecurity behavior?
The answer is simple. Boring, outdated cybersecurity awareness training simply doesn’t work. In a chaotic and cluttered 2020, organizations need training programs that will cut through the noise. The old, stuffy slide deck isn’t going to cut it anymore.
The research found that certain age cohorts, genders and residents of specific countries are more likely to use their company-issued devices for personal use, click malicious links and report suspicious emails. Cybersecurity awareness training that is frequent, brief and engaging can help level out awareness among these diverse demographics, making your company more well-rounded in its security approach.
In analyzing this survey data from the UK, U.S., Australia, South Africa, Netherlands, Germany, Canada and UAE, we developed six key takeaways and recommendations for dealing with personal use on company-issued devices. To learn more about the nature of employees' personal activity, which countries' workforces are most at-risk, and what organizations can do to remain cyber resilient, download the Ebook.
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!