SMB employees are taking risks on unsecure devices

An abstract image of digital security.
(Image credit: Shutterstock)

Many SMB employees are gambling with their company’s security by connecting to corporate networks through personal, unsecured devices, a new report from Avast has warned, adding that most do so without approval.

The report found almost a third (31%) of SMB workers connect to their corporate networks using various personal devices, from PCs, to smartphones, and tablets, none of which come with security controls or antivirus software.

While some use a personal computer, others are connecting to corporate networks via smartphones. Of those, only 8% of PC users and 13% of smartphone users did so without getting permission beforehand.

Remote workers are a security liability

The report argues that in many instances, it’s not the fault of employees or bosses, as their organizations do little to help with working remotely, in a secure manner. 

Of all the IT decision-makers polled for the report, two-thirds (66%) did not provide employees with dedicated work devices, while a fifth (19%) actually encouraged employees to use their own gear. Just a quarter of ITDMs specifically said using personal devices for work was off-limits, and consequently - 15% noticed unidentified and unauthorized devices on the corporate network, for which they believe to be employee devices.

But to malicious actors, remote workers are often “low-hanging fruit”, a quick and easy way to install malware on a corporate network. Personal devices are often used across the household, people share login credentials and leave their business email on various online services. 

Without a dedicated work device, a proper endpoint protection solution, and a way to securely connect to the corporate network (via, for example, a VPN), employees could involuntarily allow cybercrooks access to sensitive company data, or a way to install ransomware.

“One of the biggest challenges with the move to remote and hybrid working has been ensuring employees have the freedom to do their jobs in a safe and productive manner,” commented Marc Botham, VP Worldwide Channel & Alliances at Avast. 

“IT teams have understandably done their best to make this happen, but as we begin to resume some form of normality, it’s crucial that the security of personal devices accessing the corporate network is treated with as much importance as the security of corporate devices.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.