Weaknesses in bring your own device [BYOD] policies are leaving corporate data open to exploitation with almost a quarter of firms allowing employees to access the data on personal devices with no security protection applied to the process.
Webroot’s new BYOD Security Report found that even though 98 per cent of firms have a security policy for mobile access to corporate data, a surprising 21 per cent allow employee access with no security at all.
The lack of adequate security is something that IT managers are becoming increasingly worried about, 58 per cent admitting they are “very” or “extremely” concerned about the risk that the 60 per cent of employees using personal devices for work represents.
“Today, with so many personal smartphones, tablets, and laptops now being used to access corporate data, the productivity gains and cost-savings for employers are substantial, but IT security policy-makers have to think differently and work more collaboratively with their users to determine security policies and practices that address the concerns of both parties,” stated Mike Malloy, executive VP of products and strategy at Webroot.
60 per cent of companies admitted to seeking employee input on mobile device security policies even if over 60 per cent take little notice of those opinions when deciding on mobile security policies. It has meant that 19 per cent of employee devices have a full security app and 64 per cent only use the security features that came with the device.
Top of the pile when it comes to employee concerns about company-enforced security apps are employer access to personal data, personal data being wiped by an employer, and employers tracking the location of the device. Other concerns include impact on device performance and battery consumption.
“We believe if employee concerns about personal privacy are not addressed, or a security app that slows the device or drains the battery is forced upon employees, many will simply stop using their personal devices for work,” said Malloy.
In this regard, 46 per cent of employees would stop using personal devices for business purposes if an employer asked for a specific security app to be installed.