Bring-your-own device (BYOD) sounds like a great idea to improve productivity, but the challenges it poses from a security and IT management perspective continue to trouble organizations large and small.
What seems to be clear however is that many employees want BYOD – and they want it bad enough, according to a survey released today by the CTIA-The Wireless Association, to do it regardless of policy. The survey, which was performed by Harris Interactive, fielded answers from 250 Information Technology decision makers and more than 1,000 full-time employed mobile device users.
According to the survey, 47 percent of users said there was no formal policy at their office, which closely matched up with 42 percent of IT experts who said there wasn’t one.
Despite the number of organizations without policies, 57 percent of users said they had used their smartphone or tablet as part of BYOD during the year.
“This does not come as a surprise,” opined Dave Jevans, founder and CTO of mobile security vendor Marble Security. “Many companies have been ignoring the fact that employees use their mobile devices to access email.”
“We have seen that larger companies have BYOD policies and are now implementing security programs to help ensure that user devices are secure when accessing corporate data, assets or cloud services that the corporation gives them access to,” he said. “But, there are many large organizations [that] are looking to add BYOD policies in the coming year. Many of these companies issued company-owned Blackberry devices and are looking to diversify to employee-owned iPads, iPhones and Android devices.”
According to the CTIA survey, companies with fewer than 500 employees are less likely to take action to protect employees’ mobile devices and less likely to communicate the importance of security to their employees. Regardless of size, the majority of companies represented in the survey stated they believe it’s the users responsible primarily to protect the device –72 percent of those having less than 500 employees compared to 62 percent among those with 500 or more.
When asked what steps they have taken to protect their device, consumers offered a mix bag. Sixty-three percent said they have installed or used software updates, and 58 percent were using passwords and or PINs. Just 43 percent said they were using antivirus.
In a separate report, Marble Security found more than half of the respondents were not aware of advanced persistent threats targeting mobile devices, and 45 percent were unaware that spear phishing attacks could be a problem for mobile users.
Jevans suggested organizations enforce device password policies and require devices not be jailbroken or rooted. Organizations should also consider requiring devices be at the latest operating system level within 30 days of its release, and require users to use an anti-malware or app scanning product if they are using an Google Android device.