Even though employees may not know what BYOD means, they’re still doing it.
According to a recent survey by CTIA-The Wireless Association, 47% of employees had never heard of BYOD (bring your own device), but once it was explained that it meant using a personal mobile device for work, 57% said they done so in the past year. In contrast, IT decision makers guess that only 25% of employees accessed work information on a personal mobile device.
The most common uses of mobile devices were to access email (89% of respondents), calendars (57%), databases (28%) and company apps (28%). The majority of employees (76%) believe that BYOD is the wave of the future and that companies need to get on board, while just over half of IT managers (58%) believe that the benefits of BYOD outweigh the risks.
Among their concerns, IT managers cited the following:
- Data protection (84% somewhat or very concerned)
- Security of the devices (81%)
- Employee compliance (71%)
- Lost or stolen devices (68%)
Despite these concerns, 42% of IT managers said that their company doesn’t have a BYOD policy. Of those who do have a BYOD policy, 32% did not have even basic mobile device management as a part of their policy.
Here’s what typical BYOD policies did cover:
- Protections for employees related to privacy and loss of personal information (62%)
- Backup and restore for personal data for lost phones (40%)
- Backup and restore for personal data for phones that had been hacked (30%)
Part of the reason for a lack of formal policies around BYOD may be a false sense of security: 83% of employees said that they thought their mobile devices were very or somewhat secure, while 62% of IT decision makers said the same. That is, of course, until a mobile phone is lost, stolen or hacked – which 23% of employees had experienced at least once in the past year. Then, unsurprisingly, security concerns increased.
So what are IT departments doing to protect employee’s mobile device and sensitive company information?
- Added a password (46%)
- Installed anti-virus programs (38%)
- Network certificates (37%)
- VPNs (31%)
- Restricting or blocking access to certain websites (30%)
Some of the less common protection measures included:
- Ability to remotely locate, lock and/or erase data (26%)
- Restrict downloads (24%)
- Mobile application management software (22%)
The lessons here are that employees are going to use their personal mobile devices for work, regardless of company policies – a mobile trend that is only going to continue. Given that, it’s best to have the right mobile security measures in place rather than risk a data breach or exposure of sensitive company data if a mobile device is lost, stolen or hacked. Chances are, it’s going to happen to one of your employees at some point.