Enterprises and Employees Still Don’t Understand Implications of Lax BYOD Security

    I’m beginning to wonder how long it will take both businesses and employees to grasp the importance of security for BYOD. This isn’t a new topic, after all. BYOD has been around, in one form or another, for years. We know that with the skyrocketing use of smartphones and tablets, coupled with dwindling budgets for corporate-supplied devices, “BYOD” has really become part of the lexicon in 2012.

    Coalfire, an IT governance, risk and compliance services company, is the latest to take a closer look at businesses, employees and their devices. What it found isn’t that surprising: Many companies are not discussing mobile device cybersecurity issues with their employees and lack policies to protect sensitive company data.

    Key findings of the survey include:

    84 percent of individuals stated they use the same smartphone for personal and work usage.

    47 percent reported they have no passcode on their mobile phone.

    36 percent reuse the same password.

    51 percent of respondents stated their companies do not have the ability to remotely wipe data from mobile devices if they are locked or lost.

    49 percent stated their IT departments have not discussed mobile/cybersecurity with them.

    Rick Dakin, CEO and chief security strategist with Coalfire, said in a release:

    The results of this survey demonstrate that companies must do much more to protect their critical infrastructure as employees work from their own mobile devices, such as tablets and smartphones, in the workplace. Companies need to have security and education policies in place that protect company data on personal devices.

    Personally, I think it is pretty sad that employees aren’t interested in protecting themselves and the company needs to do more to protect everybody. I want to say that, with all the news on security, with all the conversations about protecting your data, people should “get it” by now. But then, I would think that after 20 years, people would understand the Nigerian lottery is fake too, and yet, those scams are still popular because they work. The depressing reality is that many of us don’t take security seriously, which means someone has to do it. And in the case of BYOD, it falls to the company that has a vested interest in how employees use their personal devices.

    Based on seeing the results of the survey, I have to question why companies aren’t stepping up to institute better BYOD security policy. I haven’t researched it myself — and perhaps I should — but what are the legal implications of a corporate breach via BYOD? Who is at fault there? The company? The owner of the device? Both? I would think, if nothing else, legal matters would get the security discussion rolling, but maybe no one is aware of the legal implications. I’d love to hear from anyone on that angle. provided a great article on how important it is for companies to revisit and revise their BYOD policies. But before they can do that, they have to put one in place first, and as the Coalfire survey showed, that is happening at a snail’s pace. And based on research from Juniper Research, 350 million people are expected to be using BYOD by 2014. That’s a whole lot of people and a whole lot of risk ahead if companies and employees don’t act now.

    Sue Poremba
    Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
