As part of European Cybersecurity Awareness Month, a recent Cisco study reveals the growing concern in Spain over cybersecurity risks that arise in the hybrid work environment, especially when work devices are shared with children. Even though eight in ten parents value hybrid working, they are not adopting strict cybersecurity measures. 86% have allowed their children to use work devices in the past six months, and 41% admit that children know access passwords.
Nuria Jordi, Cybersecurity Solutions Engineering Manager for Southern Europe at Ciscoexamines the top security threats and steps businesses and families can take to protect information in a flexible work and family environment.
Ask.— The study indicates that a very high percentage of parents share work-from-home devices with their children. In your opinion, what are the main threats this represents in terms of cybersecurity?
Answer.— 82% of parents consider that hybrid work is essential to reconcile personal and professional life. However, 86% of these parents have allowed their children to use work devices in the past six months, which is a fairly high percentage. Additionally, 41% admit that their children know passwords, meaning they can access the device at any time without supervision. Even in cases where children don’t know the password, more than 50% of parents left the device unattended.
Here, the main risk is that it concerns children, who They don’t have a deep understanding of what cybersecurity entails or potential threats.. It’s easy for them to click a link, share information, delete data, or even change important company information. One of the main failures we see in cybersecurity is precisely the human factor. Clicking on a link in a malicious text message or email can be devastating, especially if the person is not trained in cybersecurity. Additionally, these children may access sensitive information, close apps by mistake, or send messages to the wrong recipients. These types of human risks are some of the biggest failures we see in cybersecurity.
Q.— The study also reveals that only 16% of parents use multi-factor authentication to protect their devices. Why do you think this percentage is so low? Is it due to a lack of culture, the idea that “nothing is going to happen” or simply because parents are not as digitally literate?
A.—I think it’s a combination of both things. On the one hand, the study shows that 85% of parents worry that their device could be hacked, which reflects a certain awareness of the importance of cybersecurity. However, it is surprising that so few people use two- or multi-factor authentication, especially when one understands the importance of protecting devices from unauthorized access, especially in mission-critical applications.
This is where enterprise IT and security teams come in, who must enforce zero trust policies, i.e. ensuring that anyone attempting to access the device or an application has actually authorized to do so, by confirming their identity through multi-factor authentication. . There is also the question of education: we carried out this study with more than 6,000 people in the EMEA region (Europe, Middle East and Africa), including more than 500 in Spain, and covers profiles of ages and different sectors. Cybersecurity education in a hybrid work environment is essential, especially for low-tech profiles, who may not be aware of this need for security. Training should make them understand both the threats and possible sanctions in the event of misuse or non-compliance with cybersecurity measures.
Q.— Regarding the use of public Wi-Fi networks at work, the study indicates that 35% of parents use them. What are the basic recommendations for protecting information when using these types of networks?
A.— The main thing would be to use a VPN, that is, to protect information through a virtual private network. When using public WiFi, data can be transmitted transparently, allowing network administrators or malicious individuals to capture sensitive information, both business and personal, such as banking details. If for some reason mobile data cannot be used, VPN provides protection even on a public network. This is a fundamental point for strengthening cybersecurity in hybrid working.
Q.— Cisco emphasizes the importance of educating users about cybersecurity to avoid these types of risks. From your point of view, what is the role of companies in this training and how can they contribute to improving cybersecurity awareness?
A.— Companies, by allowing work from any location and from any device, must reinforce the importance of security. This can be achieved through employee campaigns, such as phishing simulations. For example, some companies send simulated phishing emails to identify how many employees click on malicious links and how many are willing to enter their credentials, which serves as the basis for further training. It is important to remember that the human factor remains one of the main weak points, which is why cybersecurity education is essential.
This training allows employees to memorize the main threats, understand the risks and, in certain cases, know the possible sanctions in the event of misuse. We are all susceptible to errors, but good training helps minimize these risks. Cisco, like other companies, has a duty to reinforce this message as we better understand the risks of what could happen. Education is undoubtedly an essential step, as important as using VPNs or multi-factor authentication.
According to the latest Cisco Cybersecurity Readiness Index 2024 report, 77% of Spanish companies anticipate that a serious cybersecurity incident will affect their business in the next 12 to 24 months. Lack of preparation can have a high cost: four in ten companies (41%) have suffered cyberattacks in the last year, and 60% of those affected report significant economic losses, with an impact of between 9,500 and 185,000 euros. This data highlights the urgency of adopting robust cybersecurity measures to reduce risks in an increasingly interconnected and flexible work environment.
