Buy iPass
Support

iPass Blog

ObserveIT: Your Employees Are Probably Exposing Your Data

By Alex Braelow

Employees are probably exposing your data

One statistic that is all too often overlooked by those charged with forming a company’s mobility strategy is that 100% of the company’s employees have personal lives. Which means, while they’re not at work, employees still use their devices to connect to Wi-Fi. And presumably, a non-zero percentage of their device usage will involve work related things.

While this is far from a shocking revelation, it’s important to keep it in mind for a number of reasons. First and foremost being corporate security. It takes one employee connecting to one rogue hotspot to throw an entire company into panic mode. In our own 2018 Mobile Security Report, we found that 81% of CIOs said that their company experienced a Wi-Fi related security incident in the last year. Public Wi-Fi hotspots, such as those in cafes and coffee shops, were the primary culprit.

Now, it seems like every week we read a new study or survey detailing the horrors of public Wi-Fi usage. This week’s cautionary tale comes courtesy of ObserveIT, which, in a recent survey, found that more than three quarters of people will use work devices to connect to public Wi-Fi while traveling, putting corporate data at risk.

ObserveIT, an insider threat management software firm, surveyed 1,000 US employees, who have traveled with corporate devices in the past year. They found that most have engaged in risky behaviors for the sake of convenience. Imagine that!

Here are some quick hitters from the survey:

  • While 55% of survey respondents use VPNs to access company email and files while working remotely, only 17% of respondents said they always use a VPN while working outside the office.
     
  • 63% of respondents said they use free/unlocked Wi-Fi to access work emails and files.
     
  • 21% of respondents have left a work device unattended in public while traveling or working remotely.
     

In addition, ObserveIT found that 55% of survey respondents plan to bring a work device while traveling for the holiday season. It warns that organizations should, therefore, be doing more to educate employees about how to keep corporate data safe while traveling. Highlighting the severity of the problem, ObserveIT’s survey revealed that nearly half of the respondents said their company doesn’t have any travel-specific cybersecurity rules, or they aren’t aware of any.

Mike McKee, the CEO of ObserveIT, had this to say: "Not only does this research confirm that cybersecurity isn’t top of mind while employees are traveling, but it also highlights a major gap in security awareness training around mitigating the threats posed by remote work. While technology has enabled people to be productive regardless of location, it’s also creating new ways for hackers to infiltrate otherwise secure systems. Organizations can’t just focus on what’s happening within their four walls. Rather, they need to take a holistic approach that puts security first, wherever work is getting done."

Before you begin to panic, however, ObserveIT does offer some sound advice. To protect corporate data, users should always connect to a VPN when accessing work files remotely, and they should never leave their work devices unattended in public.

Additionally, ObserveIT recommends that employees never use public Wi-Fi for work, and they never use personal devices to access sensitive corporate data. While sound recommendations on paper, we disagree. First, we believe you can use public Wi-Fi for any sensitive personal or business task, as long as you have a VPN. And second, the reality is that people will not stop accessing corporate data with their own mobile devices.

Many businesses have a BYOD (Bring Your Own Device) policy for their employees. According to a report by Syntonic, for instance, 87% of companies rely on their employees using personal devices to access business apps. Furthermore, the popularity of BYOD is on the rise. Curbing personal device use is unlikely. Therefore, educating users and encouraging smart mobile security practices is critical for preventing a debilitating security incident.

Read the ObserveIT survey for yourself.