Jerrod Chong, Chief Solutions Officer at Yubico, considers the cyber dangers of letting your extending family use your work devices
With on and off restrictions still ongoing across the United Kingdom, it’s likely that more children are borrowing their parents’ old unpatched laptops and downloading or signing in to a half-dozen new learning apps. Meanwhile, many parents are logging into the same learning apps from their corporate laptops, or checking their work email from a personal device. The half-term break likely saw higher numbers of school children logging in to these same devices to complete homework or play video games. As remote work and online learning continues, households will be using both personal and work devices to carry out business and school activities. Because of this, successful social engineering and phishing attacks are more likely to give hackers an invite right into corporate data, and organisations must implement measures to protect against malware and cyber security breaches as the line between home and work becomes increasingly blurred.
“As the traditional work-life balance continues to shift, organisations need to be certain that the person logging into a company-issued laptop is actually an employee and not one of their children trying to complete an online assignment,” said Jerrod Chong, Chief Solutions Officer at Yubico. “In the same way, IT professionals need to be sure that a normally security-cautious accounting employee isn’t accessing the company’s finance system from the same device that someone else in their household used to play Minecraft the night before. To put it simply, an employee’s family members should now be considered your users too.”
Indeed, this merging of home and work means that if a hacker already has access to a user’s personal account, like a learning app or a gaming account, there is more opportunity for them to gain credentials to a corporate account. A phishing attempt can be as simple as a password reset request that a distracted parent or child could easily fall for. Furthermore, sharing devices and widespread hybrid learning models can be confusing and unfortunately, hackers thrive off of the chaos.
“As remote work and school is our current reality, organisations must change the way they approach security,” continued Chong. “Hackers will always take the path of least resistance to gain access to the corporate network and now, that path might just be your VP of Sales’ 10 year old daughter’s Minecraft habit. To remain secure, enterprises must adopt a zero trust mentality and authenticate every single user, every single time, on every single service. This must be done with a form of strong authentication that cannot be spoofed by email phishing attacks or man-in-the-middle attacks, and for productivity’s sake, must be seamless to the user.”