Lookout Survey Highlights Mobile Phishing Risk to Employees Working Remotely Ahead of Labor Day Weekend

A new survey conducted by Lookout, Inc., the data-centric cloud security company, shows that 85% of enterprise employees who can work remotely are planning to skip the office on Friday, September 1. A significant portion of these individuals are poised to work remotely specifically through their mobile devices, creating a perfect scenario for attackers to carry out focused phishing attacks.

This presents a grave cyber threat to businesses, as 80% of survey participants admitted that when working from home on Fridays in the summer months, they are more relaxed and distracted. Another 68% revealed they are more likely to use their personal devices for work, and 13% admitted they’d fallen for a phishing attack while working from home. Most worrying, 21% of employees said that they would continue working business as usual in the event they fell victim to a phishing attack while working remotely on a Friday, with 9% indicating that they’d wait until after the weekend to report it.

However, stopping employees from working remotely isn’t a viable option for employers, as 65% said they’d leave their job if the rules around remote work changed.

“We find that when people are working from home they frequently do it from a device that is less likely to be managed by their employer, such as a home PC, a tablet or a personal mobile phone – using personal devices for work greatly increases the risk of falling victim to phishing attacks,” said Aaron Cockerill, Executive Vice President of Product, Lookout. “Given the number of people planning to work remotely on September 1, it’s highly likely bad actors will see this as a great opportunity to launch targeted phishing attacks. At this stage we’re unlikely to ever return to the pre-pandemic office working culture, so employees must always be cautious about phishing attempts, and businesses need to adapt their defenses and technology to mitigate against this increased risk.”

The survey follows the 2022 Lookout Global State of Mobile Phishing Report which found:

  • In 2022, more than 50% of personal devices were exposed to a mobile phishing attack every quarter.
  • The percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year.
  • Organizations that operate in highly regulated industries, including insurance, banking, legal, healthcare and financial services, were the most heavily targeted enterprises.

The majority of employees working remotely are using personal devices and networks that IT does not control. Here’s what organizations can do to stay safe:

  • Start by implementing consistent policies across the board. These policies should extend to the principles of zero trust, which can be applied to any user and any data that they try to access, including those using BYOD mobile devices. Continuous validation of users and data is critical, especially as attackers get more discreet about compromising employee credentials. Deviation from baseline behavior should be an immediate reason to have a user reauthenticate, and one of the most obvious deviations is when they access data they shouldn’t be accessing.
  • Organizations should be able to protect any device or user from phishing attacks, including mobile devices. Attackers have set their sights on compromising employee credentials through mobile devices because users can be vulnerable to social engineering across a myriad of apps. In the context of hybrid work, when employees constantly move between work and personal tasks on their mobile devices, protecting against mobile phishing is a critical first line of defense.
  • Advanced context-aware data protection is essential to every organization. Based on who is trying to access data, where they’re accessing it from, or what device they’re accessing it on, an organization’s security solution should be able to allow, limit or deny access to that data. Doing so minimizes the risk of compliance violations, data leakage and unauthorized access to sensitive data.