Many firms are reducing their IT security resources.
In a series of surveys conducted by the Forsa Society for Social Research and Statistical Analysis, as well as the market research institute YouGov, on behalf of the German Insurance Association (GDV), it has been revealed that many parts of the German economy are insufficiently protected against the risks associated with mobile work.
Every second company allows mobile work to be done on private devices, yet only 7% of these companies have invested in additional IT security, according to GDV CEO Jörg Asmussen. This lack of investment leaves companies vulnerable to cybercrime and fraud, as cybercriminals are exploiting new vulnerabilities in mobile work, specifically targeting private devices and email accounts.
Companies should strictly separate business and personal, with employees not using business devices, email addresses, and passwords for personal purposes. However, in some cases, security seems to be deliberately neglected, with 12% of employees admitting they do not fully comply with compliance and security rules when working mobile. In 5% of cases, employees even use their private email addresses for business emails.
Only 8% of companies where mobile work is done have updated their IT security and data protection rules, which is concerning considering the risks involved. To protect themselves, companies can ensure secure access to corporate applications and data via a VPN network with appropriate user authentication.
Verification of important processes such as large payment instructions or changes to customer and supplier account data using the four-eye principle and two communication channels is advised. For contact verification, only known phone numbers and email addresses should be used to avoid fraud attempts.
Regular training and awareness-raising among mobile employees about potential threats and establishing clear rules for protecting data used on mobile devices is recommended. A quarter of companies communicate via messenger services like WhatsApp, which could potentially expose sensitive information to unauthorised access.
Rüdiger Kirsch, chairman of the Working Group on Trust Damage Insurance of the German Insurance Association GDV, states that this environment is a paradise for fraudsters. He warns that companies lose control over their IT security and data security when mobile work is done on private devices.
Half of the employees surveyed by YouGov worked fully or partially mobile. Only one in five mobile workers reported adapted security measures. The GDV commissioned a survey of small and medium-sized enterprises, with 300 decision-makers participating. The surveys show that the German economy needs to take action to address these cybersecurity risks associated with mobile work.
Specific companies operating in Germany that did not adjust their IT and data protection security rules during the COVID-19 pandemic and were criticised by GDV Chief Jörg Asmussen as negligent and inviting cybercrime and fraud are not mentioned in the available sources. However, it is clear that the risks associated with mobile work are significant, and companies must take steps to protect themselves and their customers from potential cyber threats.
