Sharing devices at work could be your company's biggest security risk

Business Plan
(Image credit: Pixabay)

Despite numerous warnings, senior management is still sharing their corporate devices with their colleagues and coworkers, often risking the security of the entire organization, new research has found.

A report from NordVPN claims people working in senior positions are five times more likely to share their work devices than employees, with HR managers (in the US), and Chief Technical Officers (in the UK) the most likely culprits.

Despite the majority of managers (87%) making sure to secure files on their personal devices (usually through full-disk encryption), insider threats are still responsible for 60% of data breaches.

NordVPN says there may be multiple reasons why managers willingly risk company’s security by sharing their devices, with convenience topping the list, as management often needs to share information with their teams quickly, and also often relies heavily on assistants and other supporting staff to manage practical issues. 

Consequently, handing over a device to another worker may even make sense, in the moment.

Another reason may be due to management having greater access to better devices with greater functionality, and then feeling that they need to pass this on to their employees.

Risky business

NordVPN says such examples should be a warning against sharing devices with anyone within a business. Insider threats are responsible for almost two-thirds of all data breaches, and by sharing a device with other people, identifying the insider threat that caused the cybersecurity problem becomes infinitely harder.

SMBs and other organizations should also have clear and concise cybersecurity policies and make sure to train their employees often, in order for them to follow those policies. Regular monitoring of both the gear and systems employees use should also be part of those cybersecurity policies, it was added.

Finally, all workers should make sure they create sophisticated passwords, upgrade their software regularly, and periodically back up and encrypt important data. Adding a complete set of cybersecurity tools, including a VPN, into the mix, is also recommended.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.