Report: Over 70% of employees keep work passwords on personal devices

Roughly four out of five employees (71%) store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work.

The data is from SlashNext’s latest mobile bring your own device (BYOD) security report, which also suggests 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps.

“With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information,” SlashNext CEO Patrick Harr said in a statement. “In 2022, we saw that the use of personal devices and personal apps was the direct cause of many high-profile corporate breaches. This is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber-criminals.”

According to Harr, this is because threat actors know there are fewer security controls on personal mobile devices than on corporate ones.

The report also highlights a mirrored trend with a majority (89%) of IT and security leaders acknowledging legal concerns about having access to employees’ private data.

According to roughly four out of five employers (81%), the solution to most of the issues above is providing employees a separate phone just for work.

The executive added that organizations with IoT devices must pay special attention to keeping them on separate networks and keeping their firmware up to date with the latest security fixes.

In addition to training, organizations of all sizes should have a process to test or audit employees to make sure the security training can be carried out in the actions employees take.