Many businesses are scaling back their information technology security measures.
In a worrying trend, a significant number of German companies are failing to adequately protect themselves against IT security and data protection risks associated with mobile work, according to surveys commissioned by the German Insurance Association (GDV).
The surveys, conducted by Forsa Society for Social Research and Statistical Analysis and market research institute YouGov, reveal that around 40% of German companies that enable mobile work have implemented no additional security measures to assess the risks of mobile work. This alarming figure, based on a sample of 300 decision-makers, represents more than 99% of companies operating in Germany.
One of the key concerns is the use of less secure personal devices and email accounts for business purposes. In some companies, security measures seem to be deliberately neglected, with 12% not fully complying with compliance and security rules when working mobile. This lax approach is a paradise for fraudsters, as Rüdiger Kirsch, chairman of the Working Group on Trust Damage Insurance of the GDV, aptly puts it.
Ole Sieverding, Underwriting Manager Cyber at Hiscox, echoes this sentiment, explaining that cybercriminals are specifically exploiting the new vulnerabilities created by mobile work. To protect against the growing threat of voice simulators, companies should never accept payment instructions over the phone. This advice is particularly relevant given the quarter of companies that communicate via messenger services like WhatsApp.
Insurers are experiencing new security gaps due to these vulnerabilities. Companies are losing control over their IT security and data security due to the use of personal devices and email accounts. To mitigate these risks, companies should establish clear rules for protecting data used on mobile devices, regularly train and sensitize mobile employees to potential threats, and ensure secure access to corporate applications and data using VPN networks with appropriate user authentication.
The surveys also highlight a lack of investment in additional IT security. Only 8% of companies with mobile work have adapted their IT security and data protection rules, and only 7% of companies with mobile work have invested in additional IT security. This is concerning, as only one in five mobile workers in German companies report adapted security measures.
To further address these issues, it is essential that all employees know and are able to easily contact the relevant IT, data protection, and compliance personnel. Employees should strictly separate business and personal use, not using business devices, email addresses, and passwords for personal purposes and vice versa. For verification, only known phone numbers and email addresses should be used, and never accept payment instructions over the phone, especially not via WhatsApp voice messages.
In conclusion, the surveys commissioned by the GDV reveal a concerning lack of preparedness among German companies when it comes to mobile work and IT security. It is crucial for companies to take the necessary steps to protect themselves against the growing threat of cybercriminals exploiting vulnerabilities in mobile work, personal devices, and email accounts.
