A few weeks ago, Aruba Networks released a report called “Securing #Genmobile: Is Your Business Running the Risk?” that looks at the risk created by the “bring your own device” (BYOD) wave.
It comes to no surprise that most businesses are not prepared for the use of consumer devices in the workplace. This is what we’ve been saying all along.
A few main takeaways from the report:
- The study questioned over 11,500 workers across 23 countries worldwide and discovered that almost nine in ten — 87 percent — employees assume their IT departments will protect them from threats, and yet 31 percent admitted to losing data due to mobile device “misuse.”
- 60% of workers admit sharing their work and personal devices regularly. Also, nearly 20% of employees admit to not having passwords on the device, and a fifth of those respondents claimed to have no security measures in place all the time.
- Aruba’s research revealed 39 percent of respondents from financial institutions admitted to losing company data, which is 25 percent higher than the average industry surveyed.
- 37 percent of companies do not have a basic mobile security policy in place.
I don’t know about you, but these statistics are pretty alarming.
What are businesses supposed to do to ultimately ensure the security of their organization?
Beyond the “basics”: keeping personal devices up-to-date and patched, using approved Internet or Wi-FI networks or approved cloud storage services to shift and store corporate documents, businesses can also:
- Implement an MDM solution.
- Implement secure workplace chat apps that are managed by an administrator—too many employees are using consumer chat apps to share corporate information, some of which may be highly sensitive.
- Implement device checks and quarantine endpoints that are not in compliance. This can help with issues that the worker doesn’t know about.
- Educate, educate, educate. Employees need constant training in correct mobile device usage and security. And given the fact that workers actively disobey policies, the other part of policy enforcement is having the support of the C-level to discipline workers who break policy.
The BYOD approach will eventually become standard business practice. The key is finding the correct balance between maximizing flexibility and efficiency and minimizing the risk of data and information loss.