SlashNext Study Shows BYOD Security Requires Balancing Act

SlashNext, a leader in SaaS-based integrated cloud messaging security across email, web and mobile, released its 2023 Mobile BYOD Security Report. In partnership with a third-party research firm, SlashNext surveyed 300 individuals about the use of personal devices for work-related tasks, how employers balance corporate security and employee privacy amidst the rise of BYOD, and the resulting cybersecurity gaps.

The study found that 90 percent of security leaders say protecting employees’ personal devices is a top priority, but only 63 percent say they have the tools to do it adequately. Additionally, 43 percent of employees were found to have been the target of a work-related phishing attack on their personal devices.

“With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information,” said Patrick Harr, CEO, SlashNext. “In 2022 we saw that the use of personal devices and personal apps were the direct cause of many high-profile corporate breaches. This is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cybercriminals. Threat actors know there are fewer security controls on personal mobile devices, and they have increased efforts to compromise these devices and access valuable corporate data.”

Key findings of the report include:

  • 71 percent of employees store sensitive work passwords on their personal phone
  • 95 percent of security leaders say that phishing attacks via private messaging apps is an increasing concern
  • 66 percent of employees use their personal texting apps for work85 percent of employers require work-related apps to be installed on employees’ personal devices
  • 89 percent of IT and security leaders acknowledge legal concerns about having access to employees’ private data
  • 81 percent of employers say the solution for employee mobile data security and privacy is to give employees a separate phone just for work, which effectively doubles the attack surface for threat actors
  • More employees are worried about being the target of a corporate phishing attack than employer surveillance on their personal devices
  • 98 percent of employers say that even with regular training, employees are still susceptible to phishing and other attacks

“Employees want to protect sensitive company information on their devices, but not at the cost of their privacy,” continued Harr. “The tricky part is striking the right balance. As employees continue to use their personal devices for work, using private messaging and texting apps, more breaches will be reported through the mobile channel. Given the expanded threat surface, employers need to ensure they have the necessary tools for securing corporate data while maintaining employee privacy on personal devices.”

With the expansion of today’s threat landscape to mobile, security awareness training is not enough to keep employees and corporate data safe. Which means every security plan must include BYOD mobile devices, and employers should implement a strategy that includes robust AI phishing controls to address all variations of phishing attacks, while preserving employees’ privacy.

The full report is available at this link: