A Lookout Inc. survey shows that 85 percent of enterprise employees who can work remotely plan to skip the office today. A portion of these individuals are poised to work remotely, creating a scenario for potential hackers to carry out focused phishing assaults.
This presents a grave cyber threat to businesses, as 80 percent of survey participants admitted that when working from home on Fridays in the summer months, they are more relaxed and distracted.
Another 68 percent revealed they are more likely to use their personal devices for work, and 13 percent admitted they’d fallen for a phishing attack while working from home.
Most worrisome, 21 percent of employees said they would continue working business as usual in the event they fell victim to a phishing attack while working remotely on a Friday, with nine percent indicating they’d wait until after the weekend to report it.
However, stopping employees working remotely isn’t a viable option for employers, as 65 percent said they’d leave their jobs if the rules around remote work changed.
The survey follows the 2022 Lookout Global State of Mobile Phishing Report which found:
- In 2022, more than 50 percent of personal devices were exposed to a mobile phishing attack every quarter.
- The percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year.
- Organizations that operate in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were the most heavily targeted enterprises.
Most employees working remotely use personal devices and networks that IT does not control. Here’s what organizations can do to stay safe:
- Implement consistent policies across the board. These policies should carry forward to principles of zero trust, which can be applied to any user and any data they try to access, including those using BYOD mobile devices. Continuous validation of users and data is critical — especially as attackers get more discreet about compromising employee credentials. Deviation from baseline behavior should be an immediate reason to have a user reauthenticate, and one of the most obvious deviations is when they access data they shouldn’t be accessing.
- Organizations should be able to protect any device or user from phishing attacks — including mobile devices. Attackers have set their sights on compromising employee credentials through mobile devices because users can be vulnerable to social engineering across a myriad of apps. In the context of hybrid work, when employees move between work and personal tasks on their mobile devices, protecting against mobile phishing is a critical first line of defense.
- Advanced context-aware data protection is essential to every organization. Based on who is trying to access data, where they’re accessing it from, or what device they’re accessing it on, an organization’s security solution should be able to allow, limit or deny access to that data. Doing so minimizes the risk of compliance violations, data
Learn more about Lookout Mobile Endpoint Security.