The phenomenon of organizations allowing or encouraging their employees to use their own computing devices for work–known as Bring Your Own Device, or BYOD–is now widespread in many countries, bringing with it some serious risks to company networks and data. As we first reported here on the blog a few weeks ago, ESET commissioned a Harris Interactive survey to help companies get a handle on the scale and scope of these risks. We have now summarized the most important findings in this handy BYOD graphic appropriately titled: BYOD security is no LOL matter.
After contacting 2,000 people, Harris got detailed responses from some 1,300 adults in America who are currently employed and found that more than 80 percent of them “use some kind of personally owned electronic device for work-related functions.”
Some of these devices are older technologies like laptop and desktop computers, but smartphones and tablets (iPhones and iPads, Windows Mobile and Android devices, etc.) are already a significant part of the BYOD phenomenon.
And a variety of what you might call "unsafe computing" practices were observed across all devices. For example, among employees who have been using their own laptop for work, more than 30 percent have connected to the company via a free or public (and quite likely hackable) WiFi connection.
Another BYOD risk factor is the practice of letting someone else use the device. This could be "just" a family member or friend but it introduces the possibility of that person gaining access to the company network or sensitive company data stored on the device. Furthermore, if this "other person" is not trained in safe computing practices there is a serious risk of them getting the device infected or compromised.
As for strangers accessing the device and its corporate data bounty, the BYOD risk is high, with 37 percent of respondents saying they don't use the auto-lock feature on the device (meaning that anyone who steals it or finds it on the seat of a taxi can use it right away). Adding to that concern is the finding that a third of those surveyed said company data on their personal devices was not encrypted (another third did not know if it was encrypted, meaning that as few as one third of people are encrypting company data on their personal devices).
A big clue as to why these BYOD risks exist is the finding that two thirds of organizations have not implemented a BYOD policy. And a strong indicator that the risks are real is provided by the final statistic in the BYOD infographic: a quarter of those surveyed said that they have been a victim of hacking or malware on a device they own.
We trust this infographic will be useful in helping you raise awareness of this issue within your organization. Feel free to share the image above or download the larger .pdf version that includes the following helpful BYOD security tips:
- Provide cybersecurity training to all BYOD employees. That training should include physical security, WiFi security and social engineering attacks. Try to provide at least four hours of face-to-face learning.
- Make password-protected auto-locking a requirement on personal devices used for work and make sure employees know what makes a password strong.
- Develop and enforce a clear, written policy that lets employees know what work-related data they may access with their own devices.
Leave a reply