Smartphone access is integral for many employees to perform their jobs, and giving workers the freedom to choose their own devices as well as permitting the use of personal devices for work purposes are now concessions made by IT departments nationwide. Persuading iPhone users to work on Android (and vice versa) is essentially a pointless endeavor, and carrying two phones is inconvenient.
A recent report from security firm Bitglass surveyed IT experts, and found that 85% of organizations enable BYOD policies, citing employee mobility (74%) and employee satisfaction (54%) as the top two reasons for allowing employees, contractors, and other related parties to bring their own devices. However, the convenience of BYOD creates a particularly large attack surface for malicious actors to harvest information from these organizations.
Per the report, 30% of respondents indicate that security concerns are the leading inhibitor to implementing BYOD. For organizations that do permit BYOD, data leakage is the primary worry for 61% of IT experts, with just over half of respondents citing unauthorized data access, inability to control uploads and downloads, lost or stolen devices, and malware as additional security concerns. Perhaps most soberingly, just over a quarter (27%) know that devices accessing corporate data are infected, with 43% reporting that they are unsure.
Inadequate planning, or an outright lack of it, is the primary issue with BYOD policies in most organizations. Best practices, such as using Mobile Device Management (MDM) and mandating security settings like device encryption and use of anti-virus solutions, are recommended by TechRepublic contributor Scott Matteson in “10 ways to reduce insider BYOD threats.” Only 56% of survey respondents indicate they have MDM and remote wipe functions enabled for BYOD, with half requiring device encryption.
There are stumbling blocks to implementing best practices, however. Employees are understandably squeamish about allowing IT departments access to personal data. Per the survey, nearly two-thirds require physical device access to provision mobile devices, with just over one-third requiring root access. On Android, rooting devices can block the ability to use popular services like Android Pay, and will degrade streaming quality on Netflix to 480p.
The big takeaways for tech leaders:
- According to a Bitglass report, 85% of organizations allow employees to bring their own devices, citing employee mobility (74%) and employee satisfaction (54%) as the top two reasons why.
- Employee discomfort with allowing access to personal data is a primary roadblock to implementing best practices, while requiring root to secure devices can degrade feature availability.