Sun of a breach: Don’t bring cyber risks back to work from the beach, urge cybersecurity experts
As people go on their annual holidays, could they be risking the cybersecurity of their workplaces? A new finding from the Palo Alto Networks Trust in the Digital Age online survey, suggests many people could be taking work-issued devices like smartphones and tablets on holiday and using them on unsecured Wi-Fi networks, despite the known security risks.
The online study of 2,100 UK respondents was commissioned by Palo Alto Networks with YouGov alongside Dr Jessica Barker, an expert in the human nature of cybersecurity. The research explores the UK’s attitude towards new cybersecurity technologies and practices and how likely people are to trust them to protect their digital way of life.
Over one third (34%) of UK workers surveyed say they are likely to use their work device on an open Wi-Fi network when they go on holiday; millennials are most likely to do this with more than a third (35%) likely to connect their firm’s device onto a password-free beach bar hotspot, for example.
Dr Jessica Barker comments, “For many people, the line between work and leisure is blurred and this applies to our personal technology, too. Employees are expected to take their work devices on holiday, or in fact want to do so, to keep on top of emails and manage their workload before returning to the office.
“However, the threat from unsecured Wi-Fi is real and raising awareness of this issue is so important as this kind of attack takes advantage of well-meaning employees who do not want to put the security of their organisation at risk but do so unwittingly. If people need to access Wi-Fi while on holiday, then using a corporate or trusted VPN is crucial. Otherwise, leave work at home and enjoy the beach while avoiding a breach!”
Alex Hinchliffe, European threat intelligence analyst, Unit 42, Palo Alto Networks comments, “Everyone should be extremely cautious about using unsecured public Wi-Fi networks, whether it’s their personal or a work-issue device. And while the behaviour revealed by our study is worrying as it suggests too many people are all too ready to overlook company policy on acceptable use, it is encouraging that there are steps that businesses can put in place to educate employees properly on cybersecurity best practices. If you must have online access, you should use a secure VPN over an open connection or seek out secured Wi-Fi services.”
In addition to having the right policies in place and educating employees about the use of their work devices outside of work, it is important that organisations review their prevention strategies to minimise this kind of threat. Known cybersecurity vulnerabilities from open Wi-Fi networks can be better protected against through regular patching, meaning that even if an employee accidentally brings a bug onto the network the workplace cyber defences are much stronger against it. From firmware, to the operating system, to the applications, businesses need to think about and understand how best to update and improve their systems’ performance, security and privacy from human behaviours that could contribute to a serious problem.