For an IT professional, the beauty of an office just might be its clear boundaries: a set of machines, servers, and firewalls neatly contained in one building.
Such a serene arrangement won’t hold, however, as employees work from home and send emails from personal phones, tablets, or maybe that random 3DS you’ve got in a drawer.
“The perimeter has vanished. It’s like a limitless border now,” said Anthony Oren, CEO of Nero Consulting. “A company could have employees all over the country, in different homes. And we have to protect all of that.”
Organizations will need to address the risk caused by the growing use of personal devices in the enterprise, according to industry pros who spoke with IT Brew. In order to protect valuable work assets, companies should enact measures that authenticate not just the user but the device.
Some stats
Employees are working from home and using their own devices to do it.
- According to an early 2022 Pew Research study, 59% of US workers who said their jobs can mainly be done from home are WFH’ing most or all of the time.
- In December 2021 and January 2022, Oxford Economics and Samsung polled 500 executives and 1,000 employees; 57% of respondents said smartphones are essential to their jobs, and 39% of employers allow staff to work on their own devices.
- BlackCloak surveyed over 1,000 members of its platform and found that 87% of executives’ personal devices had no security installed, and 27% contained malware.
The risk of working from phone
With one wrong download, a personal device can install malicious code, including spyware that can funnel company data while an employee opens business applications like email, said Paddy Harrington, a senior analyst at Forrester.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“That corporate information is now getting siphoned off through that spyware app, sent out to malicious actors who are now collecting that data, and maybe they’re also going to collect login information. So they now have a way to attack the network,” according to Harrington.
While IT teams frequently deploy two-factor authentication to verify a user, Harrington said that companies often fall short in establishing trust with the device.
Is it running the latest OS, for example? Does it have endpoint security? Is it a known device?
“A lot of companies don’t interpret the endpoint. So they don’t fully figure out the device connecting,” Harrington told IT Brew.
When an IT staff registers MAC addresses, corporate computer systems can recognize known endpoints. Such whitelisting, coupled with two-factor authentication, enable organizations to verify devices and bounce strangers. In other words, “If I don’t know something, deny it,” said Jerald Murphy, SVP at Nemertes Research, who recommended a MFA and MAC address combo.
In a WFH world, companies may just have to get used to company machines taking a ride in an Uber or important emails sitting on a tablet in the living room.
“There’s a fine line between ‘how long is this going to be a purely home computer before it actually becomes your company computer,’” Oren said.—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.