A new survey shows that 85 percent of enterprise employees who can work remotely are planning to skip the office on Friday, September 1.

Conducted by Lookout, Inc., a data cloud security company, the survey found that a significant number of respondents plan to work remotely using only their mobile devices, posing a significant phishing threat to businesses.

A considerable number of respondents (80 percent) admitted that while working from home on Fridays during the summer, they are more relaxed and distracted.

Another 68 percent revealed they are more likely to use their personal devices for work, and 13 percent admitted they’d fallen for a phishing attack while working from home, the survey found.

Most concerning, 21 percent of employees said that they would continue working business as usual in the event they fell victim to a phishing attack while working remotely on a Friday, with 9 percent saying they would wait until after the weekend to report it.

Employers have their hands tied, according to Lookout, Inc., since 65 percent said they’d quit if the rules around remote work changed.

“We find that when people are working from home, they frequently do it from a device that is less likely to be managed by their employer, such as a home PC, a tablet or a personal mobile phone – using personal devices for work greatly increases the risk of falling victim to phishing attacks,” said Aaron Cockerill, executive vice president of Product, Lookout.

“Given the number of people planning to work remotely on September 1, it’s highly likely bad actors will see this as a great opportunity to launch targeted phishing attacks,” Cockerill added. “At this stage we’re unlikely to ever return to the pre-pandemic office working culture, so employees must always be cautious about phishing attempts, and businesses need to adapt their defenses and technology to mitigate against this increased risk.”

The survey follows the 2022 Lookout Global State of Mobile Phishing Report which found that more than 50 percent of personal devices were exposed to a mobile phishing attack every quarter.

The percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year, the company said.

Organizations that operate in highly regulated industries – insurance, banking, legal, healthcare and financial services – were the most heavily targeted enterprises.

The company said that the majority of employees working remotely are using personal devices and networks that IT does not control.

Some tips for organizations to stay safe:

• Implement consistent policies across the board, including principles of zero trust, which can be applied to any user and any data when access is attempted, including those using BYOD mobile devices. Continuous validation of users and data is critical, according to the company.
• Deviation from baseline behavior should be an immediate reason to have a user re-authenticate, with one of the most obvious being when they access data they shouldn’t be accessing.
• Organizations should have the ability to protect any device or user from phishing attacks — including mobile devices. Attackers have set their sights on compromising employee credentials through mobile devices because users can be vulnerable to social engineering across a myriad of apps. Protecting against mobile phishing is a critical first line of defense.
• Advanced context-aware data protection is essential to every organization. Based on who is trying to access data, where they are accessing it from or what device they are accessing it on, an organization’s security solution should be able to allow, limit or deny access to that data, the company stated. Doing so minimizes the risk of compliance violations, data leakage and unauthorized access to sensitive data.