An Employer’s Quick Guide To Employee Device Security

Discover the potential risks, the latest trends and how you can help

Globally, the costs associated with cybercrime are skyrocketing. While cost estimates vary, multiple studies put the damage in the trillions, including Cybersecurity Ventures’ $6 trillion estimate for 2021 and $10.5 trillion projection for 2025.

In response, many organizations are investing heavily in the protection of their internal devices and networks to prevent data breaches and other costly acts by cybercriminals.
 

Yet what about employees’ personal devices? How much of a security risk are they to your business? What are the dangers to know about? What steps can and should employers take to help protect employees from hackers and scammers? This Quick Guide will detail what you should know about employee device security.

Malware Is Everywhere

You almost certainly have employees with malicious software — often referred to as malware — on their personal devices.

In February 2021, The Harris Poll (on behalf of NortonLifeLock) conducted an online survey of 10,030 adults in 10 countries and found that 22 percent reported detecting malware on their connected devices. Since many people may be unaware that their devices are compromised, the actual percentage of malware victims may likely be higher.

One reason so many people are victims of malware is the proliferation of devices. By 2023, there are expected to be 3.6 networked devices per person and nearly 10 devices and connections per household, according to the 2020 Cisco Annual Internet Report.

Employees today move across mobile devices, tablets, laptops and desktops, and many use them for both work and non-work purposes. As a result, when your organization’s employees have compromised personal devices, the consequences can include:
 

• Employees suffering identity theft. This leads to financial harm, financial stress and tremendous inconvenience for those impacted. A February 2021 survey of 5,006 US adults conducted by The Harris Poll (on behalf of NortonLifeLock) found that more than 52 million Americans have been affected by identity theft. Further, 503 US adults who suffered identity theft in 2020 reported an average of $3,306 stolen, the survey found.
• Your company data can be exposed.
• Employees could potentially introduce dangerous files into your corporate data infrastructure.

The Specific Threats to Employees’ Devices

Malware comes in many different forms, as cybercriminals identify weak points in device security and continue to evolve ways to trick people into downloading malicious software.

Here are some of the key threats to know.

Ransomware: Ransomware is a malware that can restrict a user’s access to a device — and the data stored on it — and hold it hostage. In its 2021 report, Cybersecurity Ventures estimates that costs from global ransomware damage will be $20 billion in 2021 — which is 57 times more than in 2015. 

Spyware: Spyware is a type of malware that infiltrates the user’s device, to damage it or to gain access to sensitive information, often without the user’s knowledge.

Phishing: Phishing is a type of fraud that can come in many different forms — including emails and pop-up ads — and is meant to trick targets into supplying sensitive information that criminals can use to commit identity theft or fraud.

Man-in-the-middle attacks: Often found on public or unsecured Wi-Fi, the “man in the middle” can intercept and capture a victim’s private or sensitive information as it moves from their device to another device or a website.

It’s also important to understand that malware is not limited to desktops and laptops. In fact, mobile devices have some unique vulnerabilities, including:
 

• Many people don’t set up screen locks on their smartphones, which could allow thieves to access data on their phones.
• Apps are often always on and running, which can make it easier for would-be cybercriminals to access data stored in the apps.
• Unlike desktop users, mobile users cannot easily see the entire URL of a site they are visiting, or a link they’re about to click on. This can make it easier for digital crooks to deploy successful phishing attacks.

How Are Security Concerns About Employees’ Devices Changing?

While cybercriminals continuously evolve, creating new challenges for security, one of the most important trends impacting employee device security is remote work.

Remote work was on the rise even before the Covid-19 pandemic, but has become the norm as many offices closed to prevent potential outbreaks of infection. A Stanford University economist who studies the societal impacts that have emerged during the work-from-home transition reported in June 2020 that “an incredible 42 percent of the U.S. labor force” was working from home full-time and that “almost twice as many employees” were working from home than at work.

The effect of more people working from home is more people using personal devices to access and navigate company networks, often without the device and network security protections provided in the office or through an employer-provided computer or mobile device. This increases the potential risk of vulnerable devices being compromised.

While thankfully vaccines are helping the world recover from the pandemic, that doesn’t mean an end to the remote work trend. A study by Harvard University researchers projected that at least 16 percent of employees will continue to be at-home workers long after Covid-19 recedes. As a result, the risk posed by compromised personal devices is expected to remain high.

How Can Employees Protect Their Personal Devices?

As an employer, you should communicate the risks associated with vulnerable devices to your employees, as well as best practices for device security. Examples include:
 

• Always perform software and app updates when they are made available by the manufacturer to ensure the most current protection available.
• Don’t open emails from unknown senders or click on links from untrustworthy sources.
• Be aware of signs of phishing emails pretending to be from legitimate sources. Such emails often look unprofessional, use poor grammar or ask you to click links with odd-looking URLs. Never click on a URL in an unfamiliar email. Instead, always visit the website in question by typing it into the URL bar of a web browser.
• Don’t click on pop-up advertisements.
• Use different passwords for different mobile apps and sites. Make passwords long and complicated, including letters, numbers, and symbols. To add a second layer of protection, enable two-factor authentication for each account.
• Never use an unsecured Wi-Fi or Bluetooth connection, and turn off access when not using Wi-Fi or Bluetooth.
• Use a virtual private network (VPN) to create a private network from a public internet connection. VPNs establish secure and encrypted connections to provide greater online privacy than even a secured Wi-Fi hotspot.
• Avoid using third-party app stores. Sticking to the Apple App Store or Google Play Store is the safest bet.

At the core of many of these best practices: use common sense. If something seems risky or fishy, don’t do it.

However, even if employees follow the best practices above, they often will come into contact with malware. As a result, you should also encourage employees to use device security solutions that provide real-time, multi-layered threat protection against a broad range of malware (viruses, spyware, ransomware, etc.) across their devices. Having this protection will give your employees peace of mind that their personal devices are safer, and may also help keep your organization’s data safer.

Offering Device Protection as an Employee Benefit

Everyday things like online shopping, banking and even browsing can expose your employees’ personal information and make them more vulnerable to cybercrime. 

Recognizing that device security benefits both workers and the organization, more and more employers are offering device protection as an employee benefit. Innovative benefit plans can help protect an employee’s identity, personal information and personal devices from the myriad threats that an employee may face in their digitally connected home and workplace, and when using public Wi-Fi. 

For all these reasons, it’s important that employers offer a high-quality solution. NortonLifelock provides comprehensive protection across employees’ personal devices — from desktop to mobile — and is available as either an employer-paid or voluntary benefit. Since NortonLifelock is a leader in consumer cybersecurity, you — and your employees — will feel more secure knowing that they have robust protection for their devices and identity, at home and on the go. 

If you’re looking to offer your employees protection for today’s connected world, you’ll find the NortonLifeLock advantage is what you need.

Connect with a NortonLifeLock expert to learn more about this important benefit. 

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

No one can prevent all identity theft or cybercrime.
Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.
 

---