Martin Lee, EMEA Lead for Cisco Talos, outlines his 5 top tips to mitigate the ongoing threat of device sharing, which he compiled off the back of a worrying Cisco report that revealed a surprising number of working parents share their work devices with children, unsupervised, and with knowledge of passcodes.
With organizations in the United Arab Emirates increasingly recognizing the importance of a flexible work model, maintaining consistent adherence to IT and security protocols in such a dynamic environment presents a unique set of challenges.
Being a working parent is always challenging.
No parent will be surprised to learn that work devices are sometimes shared with children. The Cisco survey of working parents in the UAE revealed that 91% of working parents have shared devices with children during the past six months. Crucially, of those who shared a device, 40% allow unsupervised access while sharing their passcodes, and 54% of those without access to passcodes remain unsupervised.
Of course, any unauthorized access to confidential data constitutes a potential data breach. However, when children gain unauthorized access, there is an added risk of unintentional submission or deletion of data through an open browser tab or accidental email breaches.
Across the entire employment spectrum there will always be instances where employees will cut corners for their convenience and create threats to security. Insider threats have always been within the remit of IT security teams, but now we have to add the security issues that arise in chaotic real-world environments.
While we cannot completely eliminate threats or human error, we can surely adopt a zero-trust security strategy to ensure that, as much as possible, the person using the keyboard is the individual authorized to access the system or data.
- Work with rather than against users. Allow users to create guest accounts on devices so that family members get restricted use, without access to business systems but still benefiting from corporate cyber protection. Permitting guest accounts is less than ideal, but it's better than having unauthorized users with full access to a device.
- Implement multi-factor authentication (MFA) or two-factor authentication (2FA). When a user accesses a new application or system, verify that the user intended to perform the action through an MFA/2FA ping or biometric recognition. A simple additional verification step will almost certainly prevent curious children from accessing sensitive systems.
- Keep sensitive data protected by a VPN. Not all data has equal security requirements. Protect sensitive data so that it can only be accessed via a VPN that requires the user to enter their username and password and verify via MFA/2FA.
- Back up, back up and back up again. The family home environment is hazardous for fragile electronic devices. Spilled coffee, lemonade or paint can easily disable a device, as can falls from height onto a tiled kitchen floor. Ensuring that important data isn't lost and that replacement devices can be easily restored from backed-up data is vital to keeping hybrid workers operational.
- Educate users about cyber security. Devious users have a nasty habit of finding ways to subvert security protections if they find that these protections get in the way of their goals. Make sure users are aware of the importance of cyber security, the consequences of getting it wrong, as well as common threats and attacks. Simple policies reinforced with sanctions for transgressions help users understand what is acceptable and what is not.