A New Cyber Risk: How Teens Expose Corporations in WFH Era

Abstract

We analyze the risks associated with teenagers’ online activities and the potential migration of cyber threats originating from teenagers to their parents’ work-from-home (WFH) devices, even when defensive measures such as VPN are employed. Furthermore, we examine the serious implications these risks have on corporate security. Of particular concern, parents who work with confidential corporate information, such as financial projections or product roadmaps, might find that their kids are targeted by hackers who seek an easier entry-point to home networks and eventually WFH devices. This paper is timely since there is a rising trend of hybrid work in white-collar professions, mixing traditional in-office work with WFH. The latter is increasingly done in split shifts, including work performed before breakfast or after dinner. While this shift offers numerous workforce advantages and helps teen-parent bonding, it also introduces a plethora of cybersecurity risks, especially when these devices and networks are shared with teenagers on home networks. We did a structured survey of 62 teens which confirms that risky online activity abounds, so the threat of risk migration onto corporate networks should not be ignored. We perform a migration risk assessment and identify which teen-origin risks are most likely to contaminate parents’ WFH devices. We evaluate 20 attack vectors and generate 60 risk ratings. We classify 29 as high risk, 8 as medium risk, 13 as low risk, and 10 as not relevant. We offer recommendations to mitigate this new set of cyber risks.