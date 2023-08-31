New research from Lookout, Inc., a data-centric cloud security company, shows that 85% of employees who can work remotely plan to skip the office on Friday – an estimated 129 million people, a news release says.

The top reasons for staying away from the office according to respondents include: “I’m looking to get away early for Labor Day weekend” (23%), “the kids are home from school” (22%), “the weather forecast looks nice” (28%), “my coworkers are on vacation so the office will be quiet” (35%) and “my workload is light” (36%).

This poses a grave cyber threat to businesses, as 80% of survey participants admitted that when working from home on Fridays in the summer months, they are more relaxed and distracted, the release says.

Another 68% revealed they are more likely to use their personal devices for work and 13% admitted they’d fallen for a phishing attack while working from home. “Most worrying, 21% of employees said that they would continue working business as usual in the event they fell victim to a phishing attack while working remotely on a Friday, with 9% indicating that they’d wait until after the weekend to report it,” the release says.

However, stopping employees working remotely isn’t a viable option for employers, as 65% said they’d leave their job if the rules around remote work changed.

“Working from home during summertime can make people feel a bit more relaxed, especially when the weather is good and most colleagues are off on vacation. But this attitude, and using personal devices for work, greatly increases the risk of falling victim to phishing attacks,” said Aaron Cockerill, chief strategy officer for Lookout. “Given the number of people planning to work remotely on September 1, it’s undoubtedly the riskiest day for phishing this year so far. But employees want – and should – work remotely, so businesses need to adapt their defenses and technology to mitigate against that threat.”

Cockerill continued, “It is vital organizations evolve their cybersecurity strategy to proactively combat mobile phishing. As one of the most effective attack vectors for threat actors, often serving as a starting point for more advanced attacks, mobile phishing protection should be a top priority for organizations of any size.”

The survey follows the 2022 Lookout Global State of Mobile Phishing Report which found:

In 2022, more than 50% of personal devices were exposed to a mobile phishing attack every quarter

The percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year

Organizations operating in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were the most heavily targeted enterprises

The majority of employees working remotely are using personal devices and networks that IT does not control. So what can organizations do to stay safe?

Start by implementing consistent policies across the board. These policies should carry forward to principles of zero trust, which can be applied to any user and any data that they try to access, including those using BYOD mobile devices. Continuous validation of users and data is critical — especially as attackers get more discreet about compromising employee credentials. Deviation from baseline behavior should be an immediate reason to have a user re-authenticate, and one of the most obvious deviations is when they access data they shouldn’t be accessing.

Organizations should be able to protect any device or user from phishing attacks — including mobile devices. Attackers have set their sights on compromising employee credentials through mobile devices because users can be vulnerable to social engineering across a myriad of apps. In the context of hybrid work, when employees constantly move between work and personal tasks on their mobile devices, then protecting against mobile phishing is a critical first line of defense.

Advanced context-aware data protection is essential to every organization. Based on who is trying to access data, where they’re accessing it from, or what device they’re accessing it on, an organization’s security solution should be able to allow, limit, or deny access to that data. Doing so minimizes the risk of compliance violations, data leakage, and unauthorized access to sensitive data.

About Lookout

Lookout, Inc. is a data-centric cloud security company that delivers zero trust security by reducing risk and protecting data wherever it goes, without boundaries or limits. For more information, visit here.