BYOD leads to widespread security threats to companies

Posted on July 01 2013 by David Schulz

One-third of office workers have failed to update their device security in the last six months

Staff are using more personal mobile gadgets to do their work but the security of the work data they are accessing is not being deployed in return, according to research.

According to YouGov research among 2,000 office workers, in a typical week almost three-quarters (73 per cent) of office workers now use one or more personal devices, such as smartphones, to do their work. Nearly half (45 per cent) use two or more, confirming the widespread take-up of bring your own device (BYOD) strategies at firms.

But the research shows this is not leading to increased mobile security vigilance from staff, thereby increasing the strain on UK businesses’ security operations and their ability to protect their data.

A third of office employees (30 per cent) do think they should be made directly responsible for data loss or theft, with 44 percent saying both they and the company should be equally responsible. Only 13 percent thought it was solely the company’s responsibility.

Worringly over one third (34 per cent) of office workers with a personal device have failed to update their personal device security in the last six months, while a further third of those (11 percent) have never installed or updated security for their own devices.

Recent Information Commissioner’s Office (ICO) guidance clarifies that companies are accountable for the loss of data by their employees, irrespective of whether it was on a personal or work device.

Almost a fifth (18 per cent) of staff say they have seen their personal gadgets compromised in the past six months, so widespread ICO fines on companies through security lapses on personal devices are drawing nearer.

More than half (53 per cent) would not object to their employer strengthening security for their personal device, compared to just 26 per cent who would object.

But over a quarter of office workers (27 per cent) claim their company has not outlined any sort of policy on using their personal device for work purposes.

Vincent Geake, director of secure mobility at BAE Systems Detica, which commissioned the research, said, “There is a willingness of staff to engage in the security debate and to share the responsibility for security, but they are really looking for employers to take the lead.”

(Computer World - UK)

Take our short IT management security grader