This month untold economic damage was done by the WannaCry ransomware virus. The virus encrypted data and demanded around US$300 in bitcoin for the decryption key.

However, despite the growing threat of cyber-crime, many companies leave themselves vulnerable. According to a recent EY Asia-Pacific Fraud Survey, half (47%) of the 1,698 employees surveyed say there’s no particular company policy controlling how staff use personal devices for work-related activities at their organizations. This lack of control leaves companies vulnerable to cyber-attack.

“The sheer volume and the level of sophistication of cyber-attacks we see today continues to expose even the most sophisticated organizations to potential breach. It is critical that employees understand this and are educated about their role in helping to defend against the wide range of threats their company faces,” says Warren Dunn, partner, fraud investigation and dispute services, EY.

The use of personal devices creates vulnerabilities for organizations with almost half (49%) of employees agreeing that they conduct business using their personal mobile devices, despite the fact that they may have been issued with a work mobile device. Sixty six percent recognize that there are risks associated with using personal devices for work.

Further, 36% report frequently using their personal phone for work-related activities, whilst 53% of senior management say they conduct business on their personal mobile devices.

“Asia-Pacific is awash with naiveté over the scale of cyber threats. Designing and enforcing policies regarding the use of personal devices for work-related activities would help mitigate the risk of internal threats and cyber-attacks,” says Jack Jia, Partner, fraud investigation and dispute services at EY.