Report: 71% of Employees Keep Work Passwords on Personal Devices

Four out of five employees store their work passwords on their personal phones, according to a Mobile BYOD (Bring Your Own Security Device) study by SlashNext.

The study also found that 66% of employees use their personal texting apps for work, further exposing the potential risks of allowing employees to use personal smartphones for business. The security report also found that 95% of security leaders are becoming more concerned about phishing attacks via private messaging apps. 

“With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information,” said SlashNext CEO Patrick Harr, regarding the findings. 

“In 2022, we saw that the use of personal devices and personal apps was the direct cause of many high-profile corporate breaches,” he said. “This is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber-criminals.”

Despite this, not many U.S. companies provide employees with phones specifically intended for work. A 2016 study of global business trends, the Steelcase Global Report, showed that just 26% of U.S. companies provide employees with mobile phones, and another study by Syntonic said that 87% of companies actually expect their employees to use their personal devices for work-related activities. 

With many employees working either remotely or a hybrid of remote and in office, it’s not unusual for smartphones to be used on the go to conduct work, making business data more vulnerable.

Phishing, one of the most prevalent forms of cybercrime and one of the biggest threats to organizations today, is one of the most common ways employees are hacked through their personal devices.These attacks prey on fear, trust and curiosity of users and remote workers are especially vulnerable to them. 

The SlashNext study analyzed billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over a six-month period, and found more than 255 million attacks. This is a 61% spike in the rate of phishing attacks compared with 2021.

These cybercrimes also impact both small and large companies. A recent small business cybersecurity trends report from Comcast found that there has been a 152% increase in data breaches at small businesses in 2020 and 2021. In fact, more than half (58%) of small businesses have suffered at least one security incident.

With the prevalence of smart phones (an estimated 85% of U.S. adults own a smart phone), combined with rising cyber attacks and the popularity of remote work, companies are implementing more policies related to device usage. How can employers educate employees to identify and avoid phishing scams? Here are some tips.

Educate employees about phishing

Cybercriminals are continually changing their tactics, identifying new sophisticated ways to trick users into clicking links that direct them to compromised websites designed to steal their personal data. Train employees to recognize phishing tactics and to also stay up to date on current strategies used by threat actors, such as vishing through phone calls. If something looks suspicious or feels “off,” employees should trust their instincts and verify the email without clicking on the links and they should never trust a suspicious phone call from someone purporting to be with an agency or company needing personal identification information.

Institute policies regarding remote or hybrid work

Employees should strive to keep work and personal online activities separate. Using company email accounts exclusively for work-related purposes and company-issued devices when conducting work can help minimize the chance of phishing attacks.

The repercussions of a phishing attack can mean lost revenue and productivity. One careless click can compromise your entire network. Make sure employees understand how important it is to report and attack and have a system in place.