According to a new study by TEKsystems, the exposure to risk is much the same today as it was in 2013 but, if anything, companies have become more complacent where BYOD is concerned, demonstrating less vigilance in the areas of management and mitigation.
TEKsystems market research manager Jason Hayman:
“The growing deficiency of BYOD policy and management uncovered in this snapshot is astonishing, especially given the heightened threats of cybercrime and mobile security attacks. The degree of exposure to risk is amplified by the fact that IT professionals and other employees are always connected, working from multiple devices from just about any location. These findings suggest that companies have either become completely overwhelmed by the process of instituting and upholding BYOD controls, don’t feel that there is a legitimate threat, or have made the dangerous assumption that their tech-savvy workforce doesn’t need direction regarding safe use of personal devices.”
The study discovered that 72% of IT professionals believe that employee use of personal devices puts sensitive company data at risk, a figure that matches the findings of a similar study undertaken last year.
Over sixty percent (64%) of the survey’s respondents indicated that their employer still had no official policy on bring your own device or, if they did, communication had not alerted to them of that fact. Worryingly, the number of IT pros citing a lack of BYOD policy was way up on the same period last year when only 43% identified a lack of guidelines.
Whilst the survey unsurprisingly discovered that the use of mobile devices in the work environment led to greater flexibility, it also highlighted how advances in technology had either a perceived or actually detrimental effect on employees, with over a quarter of those surveyed saying they felt that advances in technology had led to increased stress levels.
Interestingly, whilst security teams scratch collective heads over the challenges provided by BYOD, sixty-one percent of this survey’s respondents said they would welcome a return to the days where mobile phones, tablets and laptops were but a pipe dream, saying that they preferred to be out of contact outside of working hours. So, whilst ultra portable devices are a threat, whether they be personal ones or corporately owned, many of the people using them would seemingly be happy to ditch them in an instant if they had the choice. Interesting, huh?
Despite the feeling that many employees would like to disconnect from their devices, outside of work at any rate, many (60%) do recognise the benefits in terms of having greater control over their working life, though 28% also feel that employers gain control over them through the use of such technology.
Forty-two percent of respondents did say however that they would get onto IT support within the hour if they lost their mobile connection, though the study isn’t clear whether that was just out of a sense of frustration at not being able to access Facebook over lunch :-).
ESET security expert Mark James:
“BYOD has always been an issue from a security point of view. Nearly all of us have some kind of device capable of being suitable for BYOD, whether it’s a smartphone, tablet or even your own laptop. Using these devices to make your work life easier may seem a simple solution but to keep that data safe is a whole different kettle of fish. We don’t want to carry more devices so the idea of using our own personal ones sounds perfect. Lets use the device in my pocket to get my emails, if I am taking my own tablet on vacation or away for a few days then let’s use that for remote working or again getting emails. However, what steps are acceptable from a business point of view to protect that data?
There are many factors that need to be addressed, what protective measures do you have on the device, pin code? Biometrics? Full device encryption? If you lose or damage your device while using it for work purposes who replaces or fixes it? Should your company share the running costs of that device? If you do lose your device can your company completely wipe the phone immediately to protect data held on it? These are only a small amount of considerations that need to be addressed and most often NOT applied at all. It’s a very big security risk and often not planned, tested and certainly not administered in most situations.”
What are your experiences with BYOD? Does it give your company a competitive edge or are you an employee who wishes you could just switch everything off outside of office hours? Is the proliferation of smart devices even a good thing or is it just another way for companies to invade and take over their employees lives?
According to this survey at least, all this technology is a massive headache for everyone, from the security personnel through to the non-technical, always at virtual hand employee.