SlashNext’s 2023 Mobile BYOD Security Report Reveals 71% of Employees Have Sensitive Work Information on their Personal Devices; 43% Were the Target of Phishing Attacks
March 2023 by SlashNext
SlashNext released its 2023 Mobile BYOD Security Report. In partnership with a third-party research firm, SlashNext surveyed 300 individuals about the use of personal devices for work-related tasks, how employers balance corporate security and employee privacy amidst the rise of BYOD, and the resulting cybersecurity gaps. The study found that 90% of security leaders say protecting employees’ personal devices is a top priority, but only 63% say they definitely have the tools to do it adequately. Additionally, 43% of employees were found to have been the target of a work-related phishing attack on their personal devices.
"With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information," said Patrick Harr, CEO, SlashNext. "In 2022 we saw that the use of personal devices and personal apps were the direct cause of many high-profile corporate breaches. This is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals. Threat actors know there are fewer security controls on personal mobile devices, and they have increased efforts to compromise these devices and access valuable corporate data."
Key findings of the report include:
• 71% of employees store sensitive work passwords on their personal phone
• 95% of security leaders say that phishing attacks via private messaging apps is an increasing concern
• 66% of employees use their personal texting apps for work85% of employers require work-related apps to be installed on employees’ personal devices
• 89% of IT and security leaders acknowledge legal concerns about having access to employees’ private data
• 81% of employers say the solution for employee mobile data security and privacy is to give employees a separate phone just for work, which effectively doubles the attack surface for threat actors
• More employees are worried about being the target of a corporate phishing attack than employer surveillance on their personal devices
• 98% of employers say that even with regular training, employees are still susceptible to phishing and other attacks
"Employees want to protect sensitive company information on their devices, but not at the cost of their privacy," continued Harr. "The tricky part is striking the right balance. As employees continue to use their personal devices for work, using private messaging and texting apps, more breaches will be reported through the mobile channel. Given the expanded threat surface, employers need to ensure they have the necessary tools for securing corporate data while maintaining employee privacy on personal devices."
With the expansion of today’s threat landscape to mobile, security awareness training is not enough to keep employees and corporate data safe. Which means every security plan must include BYOD mobile devices, and employers should implement a strategy that includes robust AI phishing controls to address all variations of phishing attacks, while preserving employees’ privacy.