Bring your own device (BYOD) policies have become standard in corporate America over the past few years, as they give users more flexibility and save companies money in hardware and IT costs. These benefits, however, have come at the expense of security and put companies’ valuable information sources at risk.
Reports from ITIXC and KnowBe4 show that about two-thirds of organizations support BYOD policies that allow employees to use personal mobile devices to access their networks and information. In spite of several recent publicized security breaches, 55 percent of these organizations say they are not adding to current security policies.
Data leakage is at the top of the list of concerns. Gartner reported last May that the average person uses four different devices per week to access office data systems. Multiply that by hundreds of employees and it’s easy to see why many IT managers don’t sleep well. If 99 out of 100 devices were secure, the one device floating around with sensitive company information that falls into the wrong hands could be devastating.
Another area where security is a problem is in the cloud. A McAfee study found that 80 percent of employees are using unauthorized software-as-a-service (SaaS) apps that IT departments have no control over. Nearly one-sixth of users have had a security problem while using SaaS apps.
The solution lies in tightening policy, according to eWeek’s Nathan Eddy: “Survey results suggested that unless the corporation has strong, effective policy, procedure and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or more likely, hacked, a real possibility in recent times.”
Adding flexibility to BYOD does not have to mean laying out the welcome mat to hackers. Many best practices for BYOD are already out there, like denying jailbroken phones access to the network or requiring that the latest security and OS patches have been installed. Companies also need to be prepared for situations like terminating an employee with BYOD access.
No IT department can prepare for every possible security breach, but to make no changes in the face of so many security breaches is not the answer.