Cryptocurrency has garnered a significant amount of attention over the past year, as there’s been an evolution from it being an unfamiliar and highly scrutinized digital payment method to a serious investment opportunity for even the world’s most savvy investors. The increased attention on crypto is largely due to Bitcoin’s skyrocketing price and the roller coaster ride that has created Dogecoin millionaires – thanks to high-profile names like Elon Musk and Mark Cuban showing their support for the “meme” coin.
While companies like Microsoft, Mastercard, Visa and Goldman Sachs have their hand in the cryptocurrency market in one way or the other, it’s important to realize that at the end of the day, these digital coins/tokens are completely unregulated – making them an ideal form of payment for hackers and organized crime groups, particularly for ransomware actors. Due to this, government and industry officials are pushing for more aggressive tracking and regulation of bitcoin and other cryptocurrencies.
And, while many credible media outlets report cryptocurrency news regularly, it’s easy for an individual to come across a less credible source/crypto exchange by mistake or a targeted phishing email that is indeed malicious. As a result, this seemingly innocent research taking place on corporate devices introduces risk to organizations – here’s why.
Cryptocurrency Research and Trading on Corporate Devices
While cryptocurrency clearly will have its place in the future of the world economy, it’s important that organizations and individuals understand the risk that comes with buying and researching crypto on corporate devices. Because these currencies are unregulated and the majority of people are unfamiliar with them, there are an increasing number of scams being run by bad actors that are introducing risks to organizations.
In light of this, our Counter-Insider Threat (C-InT) Research team looked at DTEX’s proprietary data over the past 60 days to identify how many employees have exhibited this behavior. The team observed that over 25% of employees at a given organization have either researched or bought some form of cryptocurrency using their corporate device over the last two months.
While 1 out of 4 employees is a significant number of people conducting research and buying crypto, our research indicates that the threats significantly increase when there’s industry buzz. For example, in the days leading up to and following Coinbase’s recent IPO, there was a 1.5X spike in employees participating in cryptocurrency activity form their corporate machines. The buzz around the IPO resulted in over 60% of employees searching/monitoring crypto – or 2 out of every 3 employees researching, monitoring or trying to buy a form of unregulated currency.
Mixing Cryptocurrency Investment and Work Life: The Rising Risk
While cryptocurrency has become a serious investment opportunity for high-profile names, companies and everyday people, it is not recommended that organizations allow employees to research and trade these digital coins through corporate devices or on the corporate network. There are simply too many unknown variables and avenues that hackers can take to exploit individuals. Businesses must educate their employees around these vulnerabilities to proactively prevent them from exhibiting this behavior and introducing the relative risk.
With an increasing number of scams being deployed by cybercriminals, we encourage all people to only trade and research crypto through trusted and verified sources – and to please do so only on personal devices to help shrink your organization’s risk and overall exposure. Purchasing Bitcoin, Doge or any other crypto may seem like a harmless task, but attackers are consistently evolving and becoming craftier in the ways they target individuals and organizations, so it’s crucial to spread this awareness.
The bottom line? Researching and purchasing crypto on corporate devices introduces risk to organizations. So, employers need to be aware and let their team members know to proactively mitigate this area of risk. And, if you’re interested in joining as an investor – do so from your personal devices only.
Other than this? Do your due diligence, be safe and good luck!