Unsupervised Device Sharing with Children Raises Alarm for Security Teams

In the current security climate and with the complexities of a hybrid workforce, IT decision makers still have a huge challenge when it comes to fully securing the workplace.  A new Cisco study reveals that among parents who share their devices used for work with children in KSA, 40 percent allow unsupervised access with full knowledge of passcodes. Even among those without access to passcodes, 56 percent remain unsupervised. 

“Unauthorized access to work devices by children is a pressing security challenge that demands our immediate attention,” Tarik Al-Turki, Director of Solutions Engineering at Cisco Saudi Arabia. “As families in Saudi Arabia increasingly share devices, organizations must implement robust security measures such as multi-factor authentication and dedicated guest accounts. It is crucial for IT leaders to understand the unique dynamics in our region and work collaboratively with employees to ensure that sensitive information remains protected while also accommodating the realities of shared device usage.”

With 97 percent of working parents sharing a personal device used for work with a child in the past six months in KSA, it is clear IT teams need to factor in more than just standard security risks. They need to consider more broadly the issues that arise in chaotic real-world environments, and how substituting security for convenience continues to be a threat. 

Among those sharing devices with children, the survey further shows low usage of effective security. Only 30 percent use multi-factor-authentication (MFA) for important work tasks, while 56 percent simply rely on “strong” passwords. 

In a time where over two thirds of connected household devices are shared among family members (75 percent vs 65 percent two years ago), it’s time to sharpen up on best practice and monitor activity across devices – managed or unmanaged, fixed or mobile – to make sure nothing falls through the cracks.

Cisco’s Tips to Mitigate Security Risk of Device Sharing: 

1. Work with rather than against users. Allow users to create guest user accounts on devices to allow family members restricted use without access to business systems but benefitting from corporate cyber protection. Permitting guest accounts is less than ideal, but it’s better than having unauthorised users with full access to a device.
2. Implement multi-factor authentication *(MFA) or two actor authentication (2FA). When a user accesses a new application or system, verify that the user intended to perform the action through an MFA/2FA ping or biometric recognition. A simple additional verification step will almost certainly prevent curious children from accessing sensitive systems.
3. Keep sensitive business data protected. Not all data has equal security requirements, so guard sensitive data with additional elements such as zero trust network access (ZTNA), VPN, or multifactor authentication (MFA/2FA) so that it can only be accessed by the appropriate device user.
4. Back-up, back-up and back-up again. The family home environment is hazardous for fragile electronic devices. Spilled coffee, lemonade or paint can easily disable a device, as can falls from height on to a tiled kitchen floor. Ensuring that important data isn’t lost and that replacement devices can be easily restored from backed-up data is vital to keeping hybrid workers operational.
5. Educate users about cyber security. Devious users have a nasty habit of finding ways to subvert security protections if they find that these protections get in the way of their goals. Make sure users are aware of the importance of cyber security, the consequences of getting it wrong, as well as common threats and attacks. Simple policies reinforced with sanctions for transgressions help users understand what is acceptable and what is not.

-ends-