71 percent of employees have sensitive work data on personal devices

Allowing people to use their own devices for work comes with risks. A new report from SlashNext shows that 43 percent of employees were found to have been the target of a work-related phishing attack on their personal devices.

When it comes to securing BYOD hardware, 90 percent of security leaders say that protecting employees' personal devices is a top priority, but only 63 percent say they definitely have the tools to do so adequately.

"With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information," says Patrick Harr, CEO of SlashNext. "In 2022 we saw that the use of personal devices and personal apps were the direct cause of many high-profile corporate breaches. This is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals. Threat actors know there are fewer security controls on personal mobile devices, and they have increased efforts to compromise these devices and access valuable corporate data."

The report finds 71 percent of employees store sensitive work passwords on their personal phone, and 66 percent use their personal texting apps for work.

On the employer side of the coin, 95 percent of security leaders say that phishing attacks via private messaging apps are an increasing concern. 85 percent of employers require work-related apps to be installed on employees' personal devices, while 89 percent of IT and security leaders acknowledge legal concerns about having access to employees’ private data.

81 percent of employers say the solution for employee mobile data security and privacy is to give employees a separate phone just for work, which effectively doubles the attack surface for threat actors.

Interestingly more employees are worried about being the target of a corporate phishing attack than about employer surveillance on their personal devices.

"Employees want to protect sensitive company information on their devices, but not at the cost of their privacy," continues Harr. "The tricky part is striking the right balance. As employees continue to use their personal devices for work, using private messaging and texting apps, more breaches will be reported through the mobile channel. Given the expanded threat surface, employers need to ensure they have the necessary tools for securing corporate data while maintaining employee privacy on personal devices."

The full 2023 Mobile BYOD Security Report is available on the SlashNext site.

Photo credit: Alessandro Colle/Shutterstock