In today’s security landscape, compounded by the challenges of a hybrid workforce, IT leaders face significant obstacles in fully securing the workplace.

security

According to a new Cisco study, 31% of parents who share work devices with their children allow unsupervised access, with kids knowing the passcodes. Even without passcode knowledge, 49% of children are still left unsupervised.

“Allowing unauthorised people, including children, to access confidential data can lead to serious data breaches. For example, children might accidentally submit, change, or delete important information through an open browser or email,” warns Ameera Cassoojee, Cybersecurity Specialist at Cisco.

“It’s common for families to share devices, but IT leaders can prevent problems by setting up good security measures, automatically logging out inactive sessions, and understanding the needs of users.”

With 85% of working parents admitting to sharing a personal device used for work with a child in the last six months, IT teams must go beyond typical security concerns. They need to address the real-world complexities where security is often compromised for convenience, presenting ongoing threats.

The survey also highlights poor security practices among those sharing devices with children. Only 31% use multi-factor authentication for critical tasks, while 64% rely solely on “strong” passwords.

As over two-thirds of household devices are now shared among family members (75% versus 65% two years ago), it’s crucial to tighten security best practices and closely monitor device activity, whether managed or unmanaged, fixed or mobile, to ensure nothing slips through the cracks.

Cassoojee shares five tips to mitigate security risks of device sharing:

  1. Work with rather than against users. Allow users to create guest user accounts on devices to allow family members restricted use without access to business systems but benefitting from corporate cyber protection. Permitting guest accounts is less than ideal, but it’s better than having unauthorised users with full access to a device.
  2. Implement multi-factor authentication (MFA) or two-factor authentication (2FA). When a user accesses a new application or system, verify that the user intended to perform the action through an MFA/2FA ping or biometric recognition. A simple additional verification step will almost certainly prevent curious children from accessing sensitive systems.
  3. Keep sensitive business data protected. Not all data has equal security requirements, so guard sensitive data with additional elements such as zero-trust network access (ZTNA), VPN, or multifactor authentication (MFA/2FA) so that it can only be accessed by the appropriate device user.
  4. Back-up, back-up, and back-up again. The family home environment is hazardous for fragile electronic devices. Spilled coffee, lemonade, or paint can easily disable a device, as can falls from heights onto a tiled kitchen floor. Ensuring that important data isn’t lost and that replacement devices can be easily restored from backed-up data is vital to keeping hybrid workers operational.
  5. Educate users about cyber security. Devious users have a nasty habit of finding ways to subvert security protections if they find that these protections get in the way of their goals. Make sure users are aware of the importance of cyber security, the consequences of getting it wrong, as well as common threats and attacks. Simple policies reinforced with sanctions for transgressions help users understand what is acceptable and what is not.

The Cisco Cybersecurity Readiness Index 2024 report for South Africa can be viewed here.