Survey: BYOD security remains spotty, with users unaware or unmotivated about risks
Many organizations have embraced the concept of BYOD (bring your own device), allowing employees to use their own personal smartphones and tablets at work. A new survey from BitDefender, however, suggests that BYOD policies and controls have a long way to go in order to be more secure.
The BitDefender study, conducted by Millward Brown, surveyed 1,045 Internet users in the United States, aged 18 and over, during August of 2014. The results of the survey should be a wake-up call for companies to examine their BYOD policies, and ensure that adequate security controls are in place to safeguard corporate data and resources.
Based on the survey responses, it seems that BYOD has transcended from a trendy buzzword to an accepted norm. The concept of connecting personal mobile devices to a company network or data is widely accepted, and half of the employees who are allowed to use their own smartphone, tablet, or laptop take advantage of that policy.
What is concerning is that half of US employees report storing work-related data on their personal mobile device(s)—even when there is no BYOD policy. The number is nearly 60 percent among those who are connecting to company networks through BYOD. Based on the survey responses, employees with higher educations and/or higher incomes also have a higher rate of storing work data on their personal devices.
It gets worse: When survey participants were asked about securing their mobile devices, just over 30 percent reported using a PIN, while an impressive 44.3 percent employ a more complex password. Almost 40 percent of respondents, however, have nothing in place to prevent unauthorized access to their mobile device. Interestingly, employees between 30 and 44 years of age are among the lowest percentage of password users—instead opting for swipe patterns or facial recognition features to lock their mobile devices.
One of the most important security tools for mobile devices that store company data is the ability to remotely wipe sensitive information in the event a device is lost or stolen. The BitDefender survey found that two-thirds of US employees either don’t know the remote wipe capability exists, or they haven't activated it.
Poor device security and the lack of remote wipe capabilities together mean that a very large percentage of mobile devices used in BYOD scenarios are putting company data and network resources at significant risk. For more interesting details from the survey, take a look at the infographic BitDefender created.