BYOD Programs Hampered by Inadequate Security Policies

By Nathan Eddy  |  Print this article Print
BYOD and mobile security

The Webroot survey revealed more than twice as many workers report using personal devices than those using devices issued by their employers.

Many employees participating in bring-your-own-device (BYOD) programs do not take adequate steps to protect company information, a weakness that could result in critical security breakdowns, according to a survey from threat detection specialist Webroot.

Based on data collected by Harris Interactive, the report surveyed more than 2,000 working professionals in the United States, concluding that while 62 percent of employees would be receptive to security software on personal devices, these requirements would need to be communicated clearly by their employer.

The number of employee-owned smartphones and tablets used in the enterprise will exceed 1 billion by 2018, as the growing trend of BYOD redefines business connectivity, according to a November report from analytics firm Juniper Research.

The Webroot report revealed 60 percent of those using a mobile device for business have either no security or just the default features set on the phone. However, 73 percent of those surveyed said they agree that employees should have some influence on software or security installed on personal devices used for work.

Employers being able to access employees’ personal data emerged as the top worry, with a majority describing themselves as either extremely concerned or very concerned about it.

In addition, more than twice as many workers report using personal devices than those using devices issued by their employers, indicating a potential IT security gap.

"Companies gain a lot in terms of increased productivity and lower expenses by allowing their employees to use personal devices to access corporate data, but it can create a real challenge for the IT department to secure devices they do not control," Mike Malloy, executive vice president of products and strategy at Webroot, said in a statement. "We believe a good mobile security app is a critical part of the solution, but the company must work with its employees by proactively communicating and making them part of the security process to get compliance."

Nearly half of survey respondents said they would stop using their device for work altogether if corporate policy required that they install a security app on personal devices used for work purposes.

"While allowing such devices to access company data provides real business benefits, it can also expose businesses to a higher risk of security threats, including phishing attacks, malware and browser hijacking," the report warned.

Immature policies are putting sensitive organizational and employee data at risk, and the initiative’s value for many organizations is currently mediocre at best, according to an August survey of more than 1,500 IT leaders and 2,000 IT professionals conducted on behalf of TEKsystems.

Originally published on www.eweek.com.