Connect with us

Hi, what are you looking for?


Mobile & Wireless

BYOD Trend Exposes Security Policy Gaps

Bring-your-own device (BYOD) sounds like a great idea to improve productivity, but the challenges it poses from a security and IT management perspective continue to trouble organizations large and small.

Bring-your-own device (BYOD) sounds like a great idea to improve productivity, but the challenges it poses from a security and IT management perspective continue to trouble organizations large and small.

What seems to be clear however is that many employees want BYOD – and they want it bad enough, according to a survey released today by the CTIA-The Wireless Association, to do it regardless of policy.  The survey, which was performed by Harris Interactive, fielded answers from 250 Information Technology decision makers and more than 1,000 full-time employed mobile device users.

According to the survey, 47 percent of users said there was no formal policy at their office, which closely matched up with 42 percent of IT experts who said there wasn’t one.

Bring Your Own DeviceDespite the number of organizations without policies, 57 percent of users said they had used their smartphone or tablet as part of BYOD during the year. 

“This does not come as a surprise,” opined Dave Jevans, founder and CTO of mobile security vendor Marble Security. “Many companies have been ignoring the fact that employees use their mobile devices to access email.”

“We have seen that larger companies have BYOD policies and are now implementing security programs to help ensure that user devices are secure when accessing corporate data, assets or cloud services that the corporation gives them access to,” he said. “But, there are many large organizations [that] are looking to add BYOD policies in the coming year.  Many of these companies issued company-owned Blackberry devices and are looking to diversify to employee-owned iPads, iPhones and Android devices.”

According to the CTIA survey, companies with fewer than 500 employees are less likely to take action to protect employees’ mobile devices and less likely to communicate the importance of security to their employees.  Regardless of size, the majority of companies represented in the survey stated they believe it’s the users responsible primarily to protect the device –72 percent of those having less than 500 employees compared to 62 percent among those with 500 or more.

When asked what steps they have taken to protect their device, consumers offered a mix bag. Sixty-three percent said they have installed or used software updates, and 58 percent were using passwords and or PINs. Just 43 percent said they were using antivirus.

Advertisement. Scroll to continue reading.

In a separate report, Marble Security found more than half of the respondents were not aware of advanced persistent threats targeting mobile devices, and 45 percent were unaware that spear phishing attacks could be a problem for mobile users. 

Jevans suggested organizations enforce device password policies and require devices not be jailbroken or rooted.  Organizations should also consider requiring devices be at the latest operating system level within 30 days of its release, and require users to use an anti-malware or app scanning product if they are using an Google Android device.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.