Gen Y employees will break BYOD rules

Gen Y employees will break BYOD rules

Summary: Employees aged 21 to 32 in Asia will circumvent corporate policies governing the use of personal devices for work, and 12 percent will not inform their company if these devices have been compromised, reveals survey.


Generation Y employees will circumvent corporate policies governing the use of personal devices at work, turning to prohibited services such as personal cloud storage for work purposes. 

Employees aged 21 to 32 years said they would break rules prohibiting the use of personal devices, personal cloud storage services, and other emerging technologies such as smart watches, connected cars, and Google Glass, according to survey findings released Tuesday by Fortinet. 

Conducted in October, the study polled 3,200 respondents in the age group across 20 countries including China, France, Germany, Hong Kong, India, Japan, Taiwan, the U.K., the U.S. and Russia. Among the survey respondents, 908 were from six Asian economies. All were graduate level executives, and presumably future managers. 

While 48 percent of Asian respondents said their company's BYOD (bring-your-own-device) strategy "empowers" them, 46 percent would circumvent any corporate policy banning the use of personal devices such as smartphones and tablets at work or for work purposes. Last year's study showed a similar trend where 47 percent of Asians said they were willing to contravene corporate policies banning the use of personal devices for work. 

In addition, some 43 percent of respondents in the region revealed they were using their personal cloud storage accounts such as DropBox for work purposes, noting that they would break any rules preventing them from doing so. When these rules were applied to new technologies such as smart watches and Google Glass, 55 percent would ignore the policies. 

12 percent will not inform their company if personal devices they used for work are compromised.

Asian respondents appeared optimistic about the uptake of wearable technologies in the workplace, with 20 percent saying there would be "immediate" widespread adopted while 39 percent said costs would first need to come down. Just 3 percent disagreed that wearable technologies would become widespread.  

Some 90 percent had a personal account for at least one cloud storage service, and 32 percent of respondents had a DropBox account. Some 72 percent of those with personal storage accounts used these for work purposes, with 15 percent admitting they stored work passwords using these services, while 19 percent did likewise with financial data. Another 25 percent stored critical confidential documents such as contracts and business plans on their personal storage accounts, while 39 percent stored customer data. 

Some 32 percent Asian cloud storage users said they had complete trust in storing their personal data in the cloud, while 6 percent refused to do so due to a lack of trust.

Some 56 percent of respondents said they had experienced security attacks on personally-owned PCs and laptops, and as a result, half of these suffered a loss in productivity as well as loss of either personal or corporate data or both. 

Asked about attacks on smartphones, a lower 27 percent had experienced security breaches even though there was a higher level of smartphone ownership among the respondents, compared to PCs and laptops. Another 27 percent reported security attacks on their tablets. 

Some 12 percent would not inform their company if the personal smartphones and tablets they used for work had been compromised, according to the survey. 

Patrice Perche, Fortinet's senior vice president for international sales and support, said in the report: "This year's research reveals the issues faced by organizations when attempting to enforce policies around BYOD, cloud application usage, and soon the adoption of new connected technologies. The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed.

"There is now more than ever a requirement for security intelligence to be implemented at the network level in order to enable control of user activity based on devices, applications being used and locations," he said, noting that it was "worrying" that so many Gen Y employees were willing to circumvent BYOD policies, especially amid the high instances of cybercrime. 

However, Perche said it was also heartening to see 88 percent of Asian respondents recognized they were personally responsible for ensuring the security of their personal devices.  

Topics: Mobility, Asean, IT Employment, Bring Your Own Device, IT Policies


Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently a freelance blogger and content specialist based in Singapore, she has over 16 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Security Vulnerabilities

    Interesting Article.

    There is still allot of security vulnerabilities as you pointed out.

    To name a few.

    A BYOD that goes missing might contain sensitive data and BYOD's are also vulnerable to malware and once compromised this could corrupt your entire business network.

    Thanks for the read

    Jake Plum from Mumba Cloud
    Jake Plum
  • BYOD is a myth

    BYOD is a myth, a marketing trick invented by the phones manufacturers to hide the fact they totally overlook the security of smartphones. BYOD devices will never be safe because securing these devices will require a breach of privacy and a reduction of functionalities. If you allow users to install their own applications, manage the device services, surf the Internet as they like and control their communications (Wifi, Bluetooth etc...) these devices will never be safe enough to have a place in enterprises infrastructure. The only possibility is to have secured devices owned and maintained by the Company in the same way computers are managed, this means with no administrative accesses for the users and a centralized management. There is only very few devices than can provide such security.