Despite security issues such as lost or stolen devices or malicious attacks on the mobile device, businesses believe the benefits of mobility are worth the risks, Symantec found in a recent survey.
Symantec surveyed 236 attendees at last week’s Symantec Vision conference about BYOD initiatives at their organizations. The survey asked about risks and challenges of allowing BYOD, the policies in place, and how users and devices are managed. Nearly 83 percent of organizations allow employees to use personally owned devices for business use, Symantec found.
The top five security incidents in the survey were lost or stolen devices, spam being sent, malware infections, phishing attacks, and exposure of confidential data. The majority of respondents reported experiencing at least one security incident in their organization within the past 12 months, according to Symantec.
“While most organizations allow employees to use personal mobile devices for business purposes, they also accept that doing so will likely result in a mobile security incident,” said Brian Duckering, a senior manager of enterprise mobility at Symantec.
The majority, or 70 percent of organizations, said the benefits of mobility were equal to or greater than the risks and challenges associated with having mobile devices, Duckering said. It turned out, that 42 percent of employees used a personally owned mobile device for business purposes, regardless of the company’s official stance on BYOD.
Employees also frequently disregarded policies and used unauthorized apps for business purposes on their devices. The top four apps employees used for business purposes from their personally owned mobile devices in the past 12 months were the Web browser, email client, contacts, and calendar.
While BYOD was worth the risks, organizations needed technology to help enforce policies and protect their organizations. Nearly 60 percent of organizations said managing mobility is a challenge, and 90 percent rely on mobile management technology to secure, provision, configure and protect business data, the survey found. Even though 80 percent of respondents said their organizations enforced BYOD policies, only 68 percent said technology was used, according to the survey.
About 11 percent relied on Human Resources controls, which basically boil down to an honor system or “on the whistle-blowing of other employees,” Duckering said.
Organizations need to complement mobile device management with application and data protection, with remote data wiping, app-level security, and encryption, Symantec said. Administrators should also utilize effective protection to secure assets against external attacks, rogue apps and unsafe browsing and apply two-factor authentication for stronger account security. Most importantly, there needs to be policies outlining consistent standards across company- and employee-owned devices, Duckering said.
Related Reading: No Organization Is Ready for BYOD
Related Reading: Dealing with Mobility and BYOD Security? Start with The Network
Related Reading: BYOD – One Size Risks All
Related Reading: BYOD- The Flash Mob of Network Security
