Absence of BYOD policies putting data at risk

FoI request finds that 42 per cent of council districts in England do not have a BYOD policy in place.

  • Thursday, 16th February 2017 Posted 7 years ago in by Phil Alsop
Recent research from Managed Services Provider (MSP) Annodata has revealed that a high proportion of local authorities in England are yet to implement a ‘Bring Your Own Device’ (BYOD) policy. According to the MSP, without an enforceable plan in place, these organisations may be leaving themselves exposed to the risk of data leakage and any benefits to be had from BYOD will be lessened.
 
A Freedom of Information (FoI) request was issued to 79 council districts from all regions in England and revealed that 42 per cent of the local authorities questioned do not have a BYOD policy in place. Considering, the strict guidelines on data security in the public sector, especially when it comes to protecting the confidential information of citizens, it’s vital to have a clear BYOD strategy in place before employees use their own devices to access an organisation’s data.
 
With the introduction of the General Data Protection Regulation (GDPR), controlling who has access to company data and from what devices is set to become even more important. Organisations will face serious legal and financial repercussions, with fines of up to 4 per cent of total revenue.
 
Joe Doyle, marketing director at Annodata commented: “BYOD can bring clear benefits in the form of greater flexibility and increased productivity. However, any gains to be had from BYOD will be null and void if there is not a clear policy to accompany this. The risk of not giving BYOD appropriate consideration can result in companies being left exposed to an increased risk of data leakage, whilst also making it difficult to determine which devices are accessing which systems and data. Employees want to use their own devices and experience tells us that they will, with or without a standard. Having a BYOD policy grants organisations greater visibility and control over this.
 
“The public sector in particular needs to approach BYOD with due diligence and special emphasis needs to be placed on security when employees are using their own devices to access an organisation’s data. Despite this, our research highlights that a number of local authorities are yet to implement specific and enforceable measures.
 
“However, this is the ideal opportunity for council districts, and other public sector organisations, to revise their approach to existing IT polices and how data is managed. Doing so will minimise the risks associated with BYOD and will enable the real benefits, including increased productivity and efficiency, to be attained. Local authorities should look to work with the right provider who can conduct a thorough and comprehensive review of their current approach.
 
“With the trend towards BYOD gaining increasing traction, technology is there to support this initiative, especially as vendors are working to improve the efficiency and security of mobile solutions. Employees now wish to use their personal devices at work in order to streamline processes and make their lives easier; they want to have the same print capabilities and access to documents on their mobile devise as they do when using their desktop. A BYOD strategy should be top of the agenda for organisations that don’t currently have one in place. Considering that digital workflow is becoming more important than ever, seamless printer access is just one way that BYOD can enable the local authorities to be more productive and efficient,” concludes Doyle.