An increasing number of organizations allow their employees to use their personal devices (smartphones, tablets, laptops) in the workplace. It seems that the line between personal and professional technology is becoming blurred as sensitive corporate data can be found on an employee’s personal device along with his or her personal information.
There are several advantages to BYOD, including reducing equipment purchasing costs, increasing efficiency and attracting employees. However, security issues are slowing the adoption of BYOD. Indeed, organizations are exposed to risks such as the loss or theft of sensitive information, malware targeting mobile devices (including the increasingly popular Android operating system) as well as the ease with which attackers can access confidential business information.
According to a study performed by BAE Systems Detica, employees seem not to be aware of the security breach risks that they can expose an organization to. In point of fact, only a third had updated their device’s security software (e.g. antivirus), and just as many knew very little about it. Nearly 20% of employees using a personal device stated that it had been compromised in the last 6 months.
The study shows that about 30% of organizations allowing the use of personal devices have no clear policy for their staff, and this same percentage of respondents were not really aware that rules must be imposed on BYOD.
In order to be allowed the use of their own devices at work, more than 53% of employees would not object to the organization installing additional security software, while 26% would oppose it.One solution to the BYOD problem relies on employee commitment and awareness. In fact, many employees are unaware of the risks and security issues that may impact an organization. It is therefore necessary to regulate the use of personal mobile devices in the workplace and properly educate employees on secure practices.
To learn more, please read the following article or download the BAE Systems analysis:
By Patrick Paradis, Information security advisor