“While technology has enabled people to be productive regardless of location, it’s also creating new ways for hackers to infiltrate otherwise secure systems," said Mike McKee, CEO of ObserveIT, which helps corporate security teams prevent cybersecurity threats from within their companies. Most U.S. workers use public Wi-Fi on corporate devices or use unauthorized devices to access work email or files. Cybersecurity simply isn't their utmost priority, according to a survey of 1,000 U.S. workers who've traveled with company devices in the past year. ObserveIt conducted the survey in October.
The survey found that more than three-fourths of U.S. workers who've traveled with corporate devices in the past year connect to free or public Wi-Fi. Sixty-three percent of workers use public Wi-Fi to access work emails and files, which could make employees liable for damage or theft. And 54 percent use unsanctioned, nonwork devices to access company information; the risk there is that many companies have dedicated staff monitoring the need for system updates and scans on company devices. Both scenarios present an easy opportunity for cybercriminals to gain access to company systems or to any materials being sent or received.
Fifty-five percent use a virtual private network to connect when they're outside the office, according to ObserveIt. Only 17 percent always use VPN, which offers more powerful encryption.
But such travelers aren't necessarily flouting the rules laid out by their companies. Almost half work for companies that don't have companywide cybersecurity guidelines for travel or they're unaware of such guidelines.
Fifty-five percent plan to bring a work device on holiday travel. "The moment that a workplace device is taken out of a more controlled environment, the risk of that device being stolen, damaged, or broken into increases," according to the company. "It essentially amplifies the potential that a malicious individual or group might be made aware of your privileged access to valuable systems, files, and data."
ObserveIt predicts that more companies will create roles or divisions to manage insider cybersecurity threats, which can range from purposeful violations to negligence like logging on to public Wi-Fi while traveling. Travel managers can look out for such opportunities, as formal Insider threat management programs may cross departmental lines.