BYOD security crisis on the horizon?

Bring-your-own-device (BYOD) policies have become increasingly popular in organisations across the world, bringing flexibility and productivity gains to many.

However, a new report has suggested that BYOD could be a ticking time bomb in terms of IT security, with many businesses failing to adequately consider the risk of mobility.

The ‘BYOD and Mobile Security’ survey, sponsored by Vectra, saw 1,100 members of LinkedIn’s Information Security Community surveyed regarding the current trends and challenges affecting modern companies.

According to the results, the primary reasons for introducing BYOD schemes are to improve employees’ mobility, job satisfaction and output.

BYOD is still under evaluation at 31 per cent of firms, although 40 per cent said company-owned devices are widely used. Unfortunately, 21 per cent admitted staff using their own devices despite the lack of a supporting BYOD framework is common.

Without the right IT security training, unmonitored use of employees’ personal devices could become a significant problem for organisations.

In fact, 67 per cent of respondents claimed they are concerned about loss of data due to lapses in BYOD policies. Fifty-seven per cent said unauthorised access to commercial information and systems is a worry.

Other issues raised were users downloading apps and content with embedded security problems (47 per cent), malware infections (45 per cent) and lost or stolen devices (41 per cent).

The biggest negative impact companies experience from mobile security threats is having to allocate more resources to cope, with 30 per cent highlighting this as an issue.

Corporate data loss and theft (16 per cent) and increased helpdesk time for repairing damage (14 per cent) are also concerns.

BYOD and IT security training

The security drawbacks of BYOD policies have been recognised for some time. Last year, Gartner noted the mobility trend will create a need for more protection on business and consumer devices.

Rugerro Contu, research director at the organisation, said more people using personal smartphones, laptops and tablets at work matches a rise in BYOD security solution demand.

“The current awareness of security and its impact on users of mobile devices is likely to change,” Mr Contu explained.

“Gartner expects attacks to focus increasingly on mobile platforms as they become more popular.”

The International Data Corporation (IDC) said Australian chief information officers are also becoming more aware of the risks of mobility.

IDC data last year showed 75 per cent of Australian businesses expected to use mobility technologies by the end of 2014. The company said this brings a number of complex challenges when considering deployment and integration of BYOD policies.

Raj Mudaliar, senior analyst of IT services at IDC Australia, said: “Enterprise mobility solutions are increasingly becoming a part of enterprises’ IT road maps to enable a […] richer customer engagement platform.

“BYOD is further exacerbating this shift by acting like a catalyst for adoption.”

According to the Vectra research, companies are dealing with the threats of BYOD policies in a number of different ways.

The highest majority (43 per cent) are using mobile device management, while 39 per cent are utilising endpoint security tools. However, 22 per cent are doing nothing.

Earlier this year, Senior Research Analyst at GFI Software Doug Barney stated that employers must take the initiative when it comes to BYOD, adding that IT security training is vital for maintaining best practice.

“Policies are all well and good, but they only work when backed up with training,” he noted in an article for TechRadar.

“Users should understand how to create strong passwords and regularly change them, how to lock a device, how to manage security settings, how to use encryption, and how to handle company data.”