New research published today by Kensington Computer Products Group confirms that although office workers are keen on the idea of Bring Your Own Device (BYOD), most employers still don’t have security policies in place to prevent lost data.
Results from a survey conducted among office workers in the UK, France and Germany show that 67 percent of organizations allow to bring employee’s personal devices to work instead of issue with a corporate device. Under the growing BYOD trend, these employees are using their own notebooks, tablets, iPads and smartphones to connect to the corporate network and perform daily tasks such as email and more.
However, Kensington’s survey also presents bad news for employers: employees were less concerned about the damages incurred by losing company-confidential or business-critical data than they were about someone accessing their personal content and social media channels. Fewer than half of employees surveyed, 40 percent, were concerned about possible damages to their employer in the case of lost or stolen devices.
Many employers are turning a blind eye to the problem, with a shocking 44 percent of workplaces acknowledging that they don’t have any security policies or advice in place for users who bring their own devices to work.
“Survey results reveal that most employees are ambivalent about the risks of company data on their devices,” says Stephen Hoare at Kensington. “They expect the company to make sure its data is protected – via encryption and other security methods.
Hoare adds: “Although there’s a clear acceptance of BYOD as a popular workplace trend, most people aren’t prepared to accept the responsibility that goes with it. This is something that employers not only need to be aware of, but to be proactive in making sure they take steps to protect their data.”
While many businesses and employees may not take the problem seriously, EU Data Protection Laws impose hefty fines for data breaches that can exceed €500,000 for worst-case offenders. These fines are likely to be even higher when the EU Data Protection legislation is amended in the near future. In addition, few businesses can afford the negative publicity that comes with a data protection breach. To protect themselves from these consequences, companies should have a tailored BYOD policy that sets out acceptable use, including encryption techniques, strong password methodologies, theft deterrents, early notification of device losses and remote wipe capabilities.
Lock it or lose it
A clear first step in protecting company data on employee-owned laptops is to put in place corporate policies where the employee realizes they are responsible for their computer, according to Kensington.
Hoare says: “Our survey has revealed a sobering number of employers who still don’t have security policies in place for users who bring their own devices to work. Ignoring the problem is like leaving the keys in the ignition of your company car – or leaving the office window wide open when you leave the building. Employers must start focusing on helping their employees to take responsibility for safeguarding corporate data – by ensuring that they realize the consequences.”
Results are from a survey conducted by IDC among employees in the UK, France and Germany in July 2012. The survey can be downloaded from www.kensington.com