Employees using their personal equipment for work do not generally consider the potential problems linked to data security. BYOD or “Bring Your Own Device” can be an effective work method, because it allows the use of personal tablets, smartphones or laptops in the office or for work-related tasks. However, it may pose risks for the protection of business data.
The “Data Protection Trends Research 2013” study, conducted by the Ponemon Institute and Acronis firms, reveals some problems with BYOD which could compromise critical business data. In fact, confidential information may be exposed to theft, loss of integrity, hacking, malware, etc. Here is a summary of this study’s findings:
Flaws in or absence of a BYOD policy
Approximately 70% of companies do not have a clear policy on the use of personal equipment. Furthermore, more than a quarter of those who do have a policy have made exceptions for corporate executives, who generally work with sensitive data. Approximately 80% of respondents have not sensitized their staff on the possible risks arising from BYOD.
Basic precautions are not applied
Only 26% of companies require a password or a security key for personal equipment and only 17% perform a remote wipe when an employee departs or when equipment is lost or stolen. Absence of such measures may cause breaches in confidentiality or loss of sensitive data.
Unevaluated cloud computing risks
Many employees use file sharing services via public cloud computing (e.g. DropBox), which may jeopardize sensitive business information. Only 50% of companies have developed a cloud computing policy and only 10% of these have trained and sensitized their employees on how to apply this policy, which is alarming.
In conclusion, the study reported that companies must implement a BYOD policy without delay. They should not completely ban the use of personal devices, as users will likely find ways to circumvent this ban (e.g. use of cloud computing), which can be risky for the protection of business information. The study also highlights the importance of training employees and managers in using BYOD securely. In addition, companies must supervise the management of mobile devices and the use of cloud computing.
For more information on this study, please read the following article:
Considering that an important aspect of BYOD is employee training and awareness, please consult Terranova’s services in this area.
By Patrick Paradis, Information Security Advisor