The practice of BYOD (bring your own device), where employees are allowed to use their personal devices for corporate functions such as email, has become incredibly popular. Unfortunately, new statistics are underscoring the fact that it’s a very dangerous practice if businesses don’t treat it with respect―and the problem is getting worse.
Per a June 2013 Mobile Security Survey Report from Internet Security firm Checkpoint, personal mobile device (PMD) usage on corporate networks is surging―96% of respondents said the number of PMDs on their networks is growing; 45% said they have five times as many PMDs on the network as they did two years ago. More than half of these firms (53%) reported that sensitive customer or corporate information is stored on mobile devices, up from 47% the year before. (This figure is probably low―in May 2013, CTIA-The Wireless Association reported that the percentage of employees using personal devices for company business is at least twice as high as the rate at which their employers report it.)
Given that 85% of companies store the majority of corporate data and intellectual assets on their networks (per the April 2013 BYOD and Mobile Security Report from the 160,000 member LinkedIn Information Security Community), having so many personal devices on a network could result in a serious data breach. For many firms, it already has. The Checkpoint survey also found that 79% of businesses experienced a mobile security incident in the past year. For 52% of them, the cost to mitigate it was more than $100,000.
In other words, if the age of Bring Your Own Disaster hasn’t arrived yet, it is looming on the horizon.
These statistics aren’t meant to scare you away from adopting BYOD. The productivity gains and cost reductions are undeniable. For example, Intel’s 2013 IT Performance Report indicates BYOD saves its employees an average of 57 minutes a day. VMware reported in February 2013 that it saved $2 million by going “all-in” with BYOD. Undoubtedly, cash-crunched, productivity challenged small and medium-sized businesses (SMBs) will reap big rewards, as well.
However, these same SMBs are also less likely to have the IT resources to implement and enforce a BYOD policy, so mobile security is a real concern. Numerous companies are touting end-to-end mobile device management platforms, many of which are complex and expensive to maintain. DynaSis proposes a simpler solution―make it easy for employees to access the corporate information they need, but hard to transfer it to their PMDs.
A remote workplace solution―where personnel access corporate networks through a secure portal and all data remains on the corporate network―is a great start. Add another layer of protection with firm, “no second chances” BYOD policies about data management and then wrap it all up with extra protections such as remote lock and wipe, and you will have eliminated the majority of BYOD challenges.
But don’t wait too long before you take action. Even if you don’t have a BYOD policy, employees are probably using their personal devices for company business without your knowledge. In the absence of a clear policy, they are also more likely to perform dangerous behaviors, such as altering security settings on their PMDs, sharing corporate passwords, logging onto unauthorized networks, and performing other risky behaviors.