We recently posted a blog about the growing trend of employees using personal mobile devices in the workplace, called “The BYOD Revolution.” Check out this article by Nathan Eddy from www.eweek.com for some great insight on the security threats posed by BYOD policies:
Seventy-one percent of employed Americans who own personal mobile devices are able to connect them to the secure network provided by an employer, but do not take the proper precautions to safeguard their devices or the data they have access to, according to a Bitdefender study of 1,045 Internet users in the United States. According to the respondents, 29.7 percent of bring-your-own-device (BYOD) users would share their personal mobile devices with friends or family members even if they hold critical company data. Demographically, employees between the ages of 45 and 64 are sharing their devices to a lower extent, while those with low education are more open to sharing.
“Most likely, BYOD users do not perceive their devices and the way they store corporate information pose a real threat to the company itself. Most of the time, the smartphone is still perceived as a mobile phone rather than a miniature computer, although the latter better describes it as a device,” Bogdan Botezatu, senior e-threat analyst at Bitdefender, told eWEEK. “Also, convenience seems to trump security and users would rather leave their phone’s display always unlocked than having to deal with the pattern or pin-based unlock mechanism every time they check their e-mail or social network activity.”
Botezatu noted that while an informed employee is effective and empowered, large companies unfortunately have to survive with undersized IT teams that barely have the necessary time to deal with mission-critical issues, and they seldom train all the employees and explain the indirect technological implication of mobile device misuse.
The report found 39.7 percent of the users who connect personal mobile devices, such as laptops, tablets and phones, to the company network do not have any lock-screen mechanism set in place. If lost or stolen, these devices would immediately expose their contents (private and work-related information) to unauthorized third parties, which puts the company in a weak position. In contrast, only 9.1 percent of BYOD users rely on biometric features (such as face, voice or fingerprint recognition) as the preferred method for unlocking their mobile devices. In order to prevent or minimize these occurrences, Botezatu said training could be done either directly, in a similar manner fire or hazard training is done, or remotely, as part of the corporate newsletter.
He said training should be doubled by a mobile device management (MDM) solution to ensure that certain aspects–such as remote wipe and screen lock features–are enforced by default before joining the corporate intranet or Internet. “BYOD has already diminished the authority of the IT teams, as they can hardly stay in control with mobile devices. After all, the devices and software running atop are the property of the user, not of the company the user is working for,” Botezatu said. “What the IT teams should start looking after now is not so much the security of the device, but rather the security of the company data stored on it.” He noted there are a number of MDM solutions available, but the most effective ones are the enterprise solutions that blend MDM with antimalware and intrusion detection.
Photo Credit: www.freedigitalphotos.com