Despite the recent attention that has been drawn to the potential pitfalls of BYOD, many organizations appear to fall into the laggard category when it comes to creating policies to deal with BYOD. In a report released this week from Acronis and the Ponemon Institute it has been revealed that many companies are still taking unnecessary risks when it comes to allowing their employees to use their own mobile devices to access company networks and to corporate data. The report was formulated as part of Acronis' 2013 Data Protection Trends Research and they have released an ebook, The BYOD Survival Guide: 5 Tips for Practicing Safer Mobile File Access and Collaboration.
“Personal devices have permanently and positively changed the workplace, particularly in the ways employees collaborate, work remotely and interact with company data,” said Anders Lofgren, director of Mobility Solutions for Acronis. “BYOD is a huge opportunity for companies, but our research shows troubling signs of negligence in the face of these dangers. However, with policies and solutions that manage the flow of data between multiple devices and environments, companies can practice safe BYOD with confidence.”
The report identified that companies still have some glaring holes in their policies, such as that 60% of companies do not have a policy in place for employees using their own devices. Out of those that do, 24% allow their executives to use their mobile devices. While executives are probably more careful with their devices they also have access to more valuable information. In the event that an executive were to lose their device or it were to become comprised the damage inflicted on the organization would dwarf that of a more junior employee. 30% of companies are still trying to order the tide not to rise by outright forbidding their employees from using their own devices and 80% have yet to take steps to educate their employees on the risks inherent with using their own devices.
When it comes to the most basic steps that can be taken for security most companies have yet to take action, with only 31% requiring that their employees use a password or a key lock. Only 21% of companies are taking care to wipe their former employee's devices when they leave the company, leaving themselves open to data loss from people who no longer have a stake in protection the company's interests.
The other major area of neglect for companies has been with the issue of public cloud storage. Corporate files are increasingly being shared around using third-party cloud storage solutions such as Dropbox, yet 67% of companies have a policy in place for the use of such services and 80% have yet to train their employees as to how they should use these platforms.