BYOD programs have had a mixed track record over the years. Some say they increase mobility, flexibility, efficiency and collaboration, leading to a more productive workforce overall. Other businesses still shun the practice outright.
Despite its many benefits, some organizations are still hesitant to embrace BYOD – and for good reason, too, as new findings mount to support growing security concerns.
The concept of BYOD – whereby employees can bring a personal device, like their smartphone, and integrate it with business apps and processes – is not new. Nor are the security concerns surrounding BYOD programs.
Employees responding in various surveys have made it no secret that they reuse passwords across work and personal accounts, creating risks for corporate data, and indeed the entire organizational infrastructure. Other studies show employers, for their part, are doing little to train their staff in cybersecurity matters, making for a vicious circle that bad actors can exploit with ease. But a fair percentage of companies refuse BYOD as a practice altogether. And they are probably smart to do so, if new research is any indication.
Threats targeting mobile devices are increasing
Bitglass enlisted the help of a cross-industry cybersecurity community to uncover the latest trends in BYOD security in the modern enterprise. 400 IT experts were interviewed on different practices surrounding employee use of corporate data on a personal device. The findings were not encouraging:
Organizations enable BYOD for employees (76%), contractors (27%), partners (25%), customers (22%), and suppliers (19%). Why anyone would want so many people accessing corporate data is already a big concern.
15% do not enable BYOD at all, which is good news, although this number is declining year-over-year, as companies become increasingly relaxed.
“85% of organizations enable BYOD; those that deny data access to personal devices are now the minority,” researchers said.
Respondents said BYOD’s main benefits are employee mobility (74%), employee satisfaction (54%), and reduced costs (49%). At the same time, the leading inhibitors to BYOD adoption are security concerns (30%), employee concerns over privacy (22%), and company support concerns (11%).
Some 51% of respondents observed that the volume of threats targeting mobile devices is increasing, following the rise of BYOD and mobile data access. Those polled highlighted a consistent list of BYOD security concerns, like data leakage, unauthorized data access, inability to control inbound and outbound traffic, loss of device, and malware. 43% of respondents did not know if devices accessing corporate data were infected with malware at any point. Human error remains the leading cause of data breaches, other studies show.
“This lack of visibility is highly concerning,” researchers said.
Experts agree that security-centric Mobile Device Management (MDM) is a good way of managing BYO devices, but this requires physical access to the employee’s device, including PIN codes. This keeps employees wary when using these devices, creating new problems for the organization.
Is BYOD for everyone?
So is BYOD a sound way to do business? Yes and no. If your company sits on large troves of customer data, your mind should be set to an entirely different 4-letter acronym: GDPR. As per the European Union’s General Data Protection Regulation, compromising EU customer data with lax security practices can spell penalties from 20 million euros up to 4% of your annual turnover. Similar laws are now being drafted the world over, threatening to render BYOD obsolete just as it comes of age.
If your business is less about collecting user data and more about hitting quotas, BYOD may present real benefits – so long as your workforce understands that BYOD is meant to increase productivity and boost profits, while abiding by the cybersecurity best practices associated with mobility.
At the end of the day, it falls on management to decide the best approach to BYOD. No matter how fast you push the lever toward BYOD, it’s wise to keep tabs on the security of your infrastructure – so it doesn’t spring back on you.