The trend of bring-your-own-device (BYOD) to work, sometimes called the consumerization of IT, has gained a lot of traction in corporate America in recent years. But dealing with data loss is becoming a real problem.
In recent years, a growing number of firms have let their employees bring their personal equipment to the office for work use. It was a win-win for the company: they didn’t have to buy the equipment and it kept the employee happy, since the decline in IT spending has resulted in many employees having better equipment at home than at work.
But now the problems are coming to light. For starters, there is the issue of ownership. Who owns the device and data on it? The law is unclear on this. Then there is the whole issue of securing the device.
Little Security on BYOD Phones and Tablets
IT may want to secure the mobile devices coming and going from the workplace but they can’t. In a survey of IT and IT security practitioners from around the world done by the Ponemon Institute, 76% of more than 4,600 respondents believe that these devices put their organizations at risk and only 39% have the necessary security controls to address the risk.
This is important because people are losing data at a pretty high rate. According to the Ponemon study, 51% of the organizations surveyed in its study experienced data loss in the last 12 months that was a result of employee use of insecure mobile devices; this includes laptops, smartphones, USB devices, and tablets.
“In the old days, the device at great risk was a laptop. People might do various things on [their work laptop] during the weekend, but that can be restricted. In the world of tablets and smartphones, it’s hard to have acceptable use policies,” said Larry Ponemon, CEO of Ponemon Institute.
The silver lining, according Ponemon, is that people take better care of their work laptops and phones when they own it. In a joint research project with McAfee, it found the rate of loss was substantially lower when the individual used their own phone as opposed to a company-issued product.
But the stats are still reason for pause over mobile devices regardless of who provides it. Fifty-nine percent of respondents report that employees circumvent or disengage security features, such as passwords and key locks. Not surprising, but not coincidentally, 59% of respondents also said their workplace experienced an increase in malware infections as a result of insecure mobile devices in the workplace.
“A lot of the problems with ‘bring your own device’ to work is that people like their device, and are not thinking about security. So when an employer imposes requirements, because it’s our device, we might feel more likely to say ‘I’ll do what’s convenient and apologize later if I get caught,'” said Ponemon.
The biggest concern of respondents, at 65%, is employees taking photos or videos in the workplace because they might steal or expose confidential information. Other unacceptable uses include downloading and using Internet apps (44%), using personal email accounts (43%), and copying confidential data onto USB or Bluetooth devices (42%).
At the recent RSA Data Security conference, Ponemon said he noticed a lot of smartphone and tablet endpoint security. “I’ve found that if there’s a market for a solution, that will drive innovation, and my gut tells me securing smartphones and tablets is a priority, which will probably translate to better security in the two to three year range,” he said.