If you read this blog or IT Business Edge regularly (and thank you for doing so!), I assume that you care about network security, emerging technologies, and the intersection between the two issues. But it seems like you are in the minority, at least within the workplace. Oh, we all love our technologies and gadgets and whatever will make our work life more efficient and productive. Security, though, remains elusive. This is especially true in Bring Your Own Device (BYOD).
Webroot released the results of a new survey last week that revealed a disconnect between employees and employers when it comes to BYOD use and policies. The survey, which was taken in two steps – the first that asked employees what they are looking for in BYOD policies and the second step that asked employers about BYOD security – found that nobody is taking security as seriously as they should:
While there are some striking areas of agreement, there are also signs that many employees do not take adequate steps to protect company information, a weakness that could result in critical security breakdowns. There is also evidence that employers often only pay lip service to consulting with employees over BYOD security. This can create problems given the large number of personal devices being used for work purposes.
Not surprisingly, the vast majority of employees use at least one personal device for work purposes and BYOD is especially popular among younger workers. On the positive side, nearly all (98 percent) of companies report having a BYOD policy, but (there’s always a but) only a third require mandatory security applications to be installed. That falls nearly in line with the 46 percent of employees who report being wary of mandatory security – it all comes down to privacy really, and what employees don’t want their employers to have access to.
But someone has to take care of security. For the vast majority of employees, their BYOD security is no more than the security functions that came with the device.
The survey doesn’t answer why security continues to lag in BYOD. Is it that employees don’t understand the importance of keeping their devices secure or is it that they don’t trust their employers to not keep personal separate from work? Webroot does provide advice on how to improve BYOD security and eliminate some of the disconnect between employers and employees. It involves communication and education. For instance, make sure that employees are well aware of the risks involved with using mobile devices (I would stress the risk to personal information as well as corporate data) and make sure employees understand security solutions before making them mandatory. I especially like the BYOD Bill of Rights that creates a distinct line between personal and business use, and where employers’ rights to the device end.
You’d think after all these years, we’d have done a better job figuring out the security of BYOD, but this survey shows that we have a long way to go.