Companies are putting their data at risk by failing to secure BYOD

74 per cent of organisations allow BYOD but nearly half lack clear security policies and best practices.

  • Tuesday, 7th May 2019 Posted 5 years ago in by Phil Alsop

Research from Bitglass has revealed that organisations are enabling bring your own device (BYOD) without putting proper security tools, trainings, and best practices in place. Naturally, this is a significant threat to the safety of corporate information.
 
According to Bitglass’ survey, most businesses are embracing BYOD in the workplace – 74 per cent of respondents said that employees at their companies are allowed to use personal devices to perform their work. However, nearly half of respondents (47 per cent) either said that their employer did not have a clear BYOD security policy, or that they did not know if such a policy was in place at all.
 
Respondents considered unmanaged devices (31 per cent) to be the top blind spot for data leakage; additionally, mobile devices (which are typically unmanaged) were the third largest blind spot at 18 per cent. Despite this, less than a fifth of respondents (16 per cent) cited unmanaged devices as a top security priority for their organisations this year.
 
“Embracing BYOD can yield benefits like increased productivity, cost savings, and talent retention,” said Steve Armstrong, Regional Director, Bitglass. “However, allowing employees to perform their work from personal devices can lead to data leakage if proper BYOD policies and security solutions are not put in place.”
 
“In order to securely reap the benefits of BYOD, organisations need advanced tools such as user and entity behaviour analytics (UEBA) and data loss prevention (DLP). Additionally, they must be able to selectively wipe corporate data from personal devices without affecting the personal data therein. However, for deployments to be successful, these capabilities need to be implemented through an agentless solution that won’t hinder user privacy or device functionality.” 
 
Key Findings:
  • Respondents stated that their organisations’ top overall security priorities for the year were malware protection (26 per cent), unmanaged device access (16 per cent), consolidating security solutions (16 per cent), controlling external sharing (14 per cent), improved analytics (11 per cent), and unmanaged applications (9 per cent).
  • When asked for the tools that they saw as the least effective for securing personal devices, respondents identified password-protected documents as the frontrunner (36 per cent), and face recognition (20 per cent) as the second least effective.
  • For multi-factor authentication on BYO devices, 37 per cent of organisations use third party applications, 13 per cent use SMS tokens, 11 per cent use hardware tokens, and 11 per cent use Google Authenticator; 28% of respondents stated that their organisations do not use MFA on personal endpoints.