A new Cisco study on device sharing security, reveals that among parents who share their devices used for work with children in the UAE, 40% allow unsupervised access with full knowledge of passcodes. Even among those without access to passcodes, 54 percent remain unsupervised.
“In the UAE, the rise of remote work combined with the increasing prevalence of shared devices within families presents significant security challenges that cannot be overlooked,” says Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS . “As we navigate this landscape, it is crucial for organizations to not only implement robust security measures like multi-factor authentication and zero-trust frameworks but also to engage with employees in understanding their unique home environments. By fostering a culture of security awareness and adapting to the realities of family dynamics, we can better safeguard sensitive information while supporting working parents in our communities.”
With 91 percent of working parents sharing a personal device used for work with a child in the past six months in the UAE, it is clear IT teams need to factor in more than just standard security risks. They need to consider more broadly the issues that arise in chaotic real-world environments, and how substituting security for convenience continues to be a threat.
Among those sharing devices with children, the survey further shows low usage of effective security. Only 24 percent use multi-factor-authentication (MFA) for important work tasks, while 62 percent simply rely on “strong” passwords.
In a time where over two thirds of connected household devices are shared among family members (75 percent vs 65 percent two years ago), it’s time to sharpen up on best practice and monitor activity across devices – managed or unmanaged, fixed or mobile – to make sure nothing falls through the cracks.
Cisco’s Tips to Mitigate Security Risk of Device Sharing:
- Work with rather than against users. Allow users to create guest user accounts on devices to allow family members restricted use without access to business systems but benefitting from corporate cyber protection. Permitting guest accounts is less than ideal, but it’s better than having unauthorized users with full access to a device.
- Implement multi-factor authentication *(MFA) or two actor authentication (2FA). When a user accesses a new application or system, verify that the user intended to perform the action through an MFA/2FA ping or biometric recognition. A simple additional verification step will almost certainly prevent curious children from accessing sensitive systems.
- Keep sensitive business data protected. Not all data has equal security requirements, so guard sensitive data with additional elements such as zero trust network access (ZTNA), VPN, or multifactor authentication (MFA/2FA) so that it can only be accessed by the appropriate device user.
- Back-up, back-up and back-up again. The family home environment is hazardous for fragile electronic devices. Spilled coffee, lemonade or paint can easily disable a device, as can falls from height on to a tiled kitchen floor. Ensuring that important data isn’t lost and that replacement devices can be easily restored from backed-up data is vital to keeping hybrid workers operational.
- Educate users about cyber security. Devious users have a nasty habit of finding ways to subvert security protections if they find that these protections get in the way of their goals. Make sure users are aware of the importance of cyber security, the consequences of getting it wrong, as well as common threats and attacks. Simple policies reinforced with sanctions for transgressions help users understand what is acceptable and what is not.