Mobile security has taken center stage at this year's RSA Conference. Going hand in hand with mobile security is the issue of securing personal devices that are brought into the workplace, a trend known as "bring your own device" or BYOD.
Recently, security company ESET teamed up with Harris Interactive to conduct a survey to determine the real size and scope of the problem. The survey reveals surprising data on the proliferation of personal devices used in the workplace and the overall lack of company security policies that are in place to lock those devices down. Cameron Camp, distinguished security researcher at ESET, blogged about the results, noting some of the findings:
More than 80 percent of employed adults use some kind of personally-owned electronic device for work-related functions.
About a quarter (24%) of employed adults use their own smartphone to access and/or store company information.
The percentage rises to 41% for personal laptops and 47% for personal desktops.
Only 10% currently use personally owned tablets to access and/or store company information.
The findings are proof that a lot of us are using our own devices for both business and pleasure, and those statistics are surely only going to grow, especially with the increasing adoption of tablets. However, the survey found that despite the acceptance of BYOD, security has lagged far behind. Encrypted company data is accessed by only a third of devices. Only a quarter of survey participants auto-lock their devices, and that number shrinks considerably when using tablets. Or as Camp pointed out, the most basic security steps are being ignored when employees use their own personal devices, whether it be a laptop or a smartphone.
A second study conducted by the Ponemon Institute, Global Study on Mobility Risks, shows the results of poor security on mobile devices. Three quarters of the 4,000 global respondents said mobile devices put their organizations at risk, with 51 percent actually experiencing a data loss due to insecure mobile devices. Malware coming from mobile devices is on the rise. Companies also worry about loss of corporate data through photographs; there is growing concern of employees using their devices to take photos or videos in the workplace.
One thing I wish ESET's survey would have looked into is why security isn't taken seriously for these mobile devices. Is it because security within the corporate walls is handled by someone else and therefore employees feel they don't have to worry about it? Or is it because people don't realize what security measures are available or how to install them? I would think that when a device is your own, you'd want to take extra effort to secure it because it isn't just work information that you put at risk, it is all your personal information. For me, that's reason enough to step up security efforts.