Late last year we covered a study that showed that companies that allowed workers to use their own mobile devices – phones, tablets, laptops – instead of company-issued devices tended to have happier workers. According to that study, these “bring your own device” (BYOD) programs are growing in popularity among businesses of all sizes.
These programs are not without their drawbacks, however. In the heyday of BlackBerry, businesses’ IT departments had control over usage, software implementation, and security features on employees’ phones. By allowing employees to use their own iPhones or Android phones for work, businesses sacrifice much of the control they once had. A recent study has found that allowing employees to use their own devices can present significant security risks.
According to the Global Study on Mobility Risks, over half – 51% – of businesses surveyed lost data in the last year due to employee use of laptops, tablets, smartphones, and USB devices. Also, 59% of respondents said that their employees deliberately circumvented security measure placed on their devices to protect company data. This includes both personal and company-issued devices. Just over three quarters – 76% – of respondents agreed that their use of mobile devices, both personal and corporate – put their organization at risk. Even more, however – 78% – said that the use of mobile devices was vital to their organizations’ objectives.
The survey also found that many businesses lack the necessary security features to present data loss via mobile devices. Only 39% said they had the security they needed to deal with the problem, and only 45% had enforceable company policies dealing with the use of mobile devices.
The use of mobile devices also creates headaches for IT departments. With mobile devices becoming a major target for malware, 59% of respondents said that their rates of malware infection had gone up in the last year due to the use of mobile devices.
Data loss was not the only security concern, either. Sixty-five percent said that their main concern was with employees taking photos or videos that would expose confidential information, while 44% were concerned with the use of internet apps, and 43% were concerned with employees using their personal email on their devices. Surprisingly, only 42% said that employees putting confidentail information onto USB devices was unacceptable.
The study was conducted by the Ponemon Institute. Data was gathered by surveying 4,640 IT and IT security practitioners in countries around the world, including the US, the UK, Canada, Germany, Brazil, Hong Kong, and others. The study itself can be found here (registration required).
What do you think? Does your business allow BYOD? What are the benefits? Have you had any of the security problems mentioned in the study? Let us know in the comments.