Following a new ESET study which highlighted how workers using company-provided laptops for personal activities could be putting work hardware at risk, we’ll explore the issues surrounding this practice and the potential consequences for businesses and employees, in two parts.
90% Using Work Laptops For Home Usage … But What About Risky Behaviour?
The recent study by cybersecurity company ESET revealed that employees are regularly engaging in risky activities on their work laptops. For example, the study shows that nine out of ten surveyed admitted to using their work devices for personal activities, including illegal streaming, gambling, and viewing adult content! Alarmingly, 20 per cent of respondents who view adult content say they do so daily, while the same proportion engages in online gambling daily using their work devices.
Work From Anywhere and Employee Mobility
The shift towards remote and hybrid work environments is one reason employees may be blurring the lines between professional and personal use of their work laptops. With the flexibility to work from anywhere, such as a home-office or while travelling, these devices often become a primary computing tool for both work and personal activities. While this convenience enhances productivity and work-life balance, it also introduces significant risks to businesses.
Accessing the Dark Web with Their Work Laptop!
The ESET study also highlighted some very concerning behaviour, with 17 per cent of respondents admitting to accessing the dark web using their work laptops, with some doing so daily.
Accessing the dark web exposes businesses to severe risks, including malware or ransomware attacks, data breaches, legal consequences, and reputational damage.
Consequences of Risky Behaviour
The consequences of employees engaging in risky online behaviour using work devices can be severe for both the business and the individual. Businesses may face data breaches, financial losses, and regulatory penalties, while employees could be subject to disciplinary action, legal ramifications, or even job termination if their actions cause significant harm to the organisation. The ESET study revealed that 18 per cent of respondents felt their job would be at risk if their risky behaviour were discovered.
Employee Awareness Important
In the report of the study, Jake Moore, Global Cybersecurity Advisor at ESET, stresses the importance of employee awareness, saying: “We often hear ’employees are the weakest security link,’ and endpoint security may not be the first thought on people’s minds. Businesses need to ensure that employees understand cybersecurity risks and their role in mitigating them, which includes avoiding risky behaviour or accessing illegal websites on their work laptops.”
Many Have No Cybersecurity On Work Laptop
Despite the clear risks, the study also revealed a worrying lack of security measures, with one in five (18 per cent) of respondents saying they had no cybersecurity software installed on their work laptop. A further 7 per cent were unsure if their devices were adequately protected, highlighting a critical gap in corporate security management.
What Does This Mean For Your Business?
The findings of the ESET study highlight the critical need for businesses to take a proactive role in ensuring the security of work laptops and corporate devices. With so many employees engaging in what appears to be some extremely risky online behaviour (e.g. going on the dark web daily), the potential for significant data breaches and financial loss is high. The key for businesses is really to ensure that robust security measures are implemented across all work devices, particularly in hybrid work settings where employees use these devices both for work and personal tasks.
Implementing effective cybersecurity policies is essential. Employees should really be educated about the dangers of risky online behaviour, and must be helped to clearly understand their responsibilities in safeguarding corporate assets. Training and awareness programmes that help employees recognise the threats of malware, ransomware, and phishing attacks should ideally be mandatory, particularly as personal, and professional device use becomes more intertwined. Also, companies should ensure that all devices have up-to-date cybersecurity software, such as endpoint protection, that can detect and block potential threats in real-time.
As highlighted in the ESET study, for businesses to effectively manage employee behaviour without invading privacy, IT departments should try to adopt tools and solutions that focus on detecting risk patterns rather than overseeing every detail of employees’ digital activity. Striking this balance could help maintain trust within the organisation while ensuring that cybersecurity remains a priority.
Next week, in Part 2 of this series, we will delve into the legal and compliance implications of risky employee behaviour on work laptops, explore real-world case studies of high-profile breaches, and provide further insights into how businesses can mitigate these risks effectively.