BYOD employees 'indifferent' to enterprise security

A new study says the next generation of workers is placing the enterprise at risk with a lax attitude to mobile security.
Written by Charlie Osborne, Contributing Writer on

Businesses are ill-prepared for the attitude of next generation employees who own mobile devices, and may be placed at risk as the BYOD trend causes fractures in security enforcement.

Bring-your-own-device (BYOD) is a corporate trend which has become firmly entrenched in the business world. Most employees in the West own personal devices -- whether they be tablets or smartphones -- and companies can cut costs by allowing staff to use their own devices to connect to corporate networks.

While this permission may be convenient for employees, improve workflows and save the enterprise from facing the cost of outfitting their staff with suitable mobile devices, BYOD can also be a headache for IT and security departments.

By accepting BYOD policies, you place employees within the security chain. If your average member of staff does not keep their devices up-to-date and patched, chooses to use open, less-than-secure Wi-Fi networks or use unapproved cloud storage services to shift and store corporate documents, there is little that a company can do to enforce basic security protocols -- placing networks and potentially sensitive data at risk.

Add a lax attitude to mobile security, and businesses have a problem.

Enterprise equipment maker Aruba Networks's latest report, "Securing #GenMobile: Is Your Business Running the Risk," highlights the challenge BYOD-accepting businesses now face. Within the report, Aruba says that "#GenMobile" -- the mobile-touting workforce within and now entering the enterprise realm -- is paving the way for high-risk behavior in corporate settings.

The study questioned over 11,500 workers across 23 countries worldwide and discovered that almost nine in ten -- 87 percent -- employees assume their IT departments will protect them from threats, and yet 31 percent admitted to losing data due to mobile device "misuse." In addition, brand and operating system ranked far higher in priorities than security when this generation of workers makes purchase decisions.

Interestingly, Aruba found that device sharing is emerging as a popular trend. In total, six out of 10 respondents said they share their work and personal devices with others on a regular basis, but nearly a fifth do not have basic password protection on their smartphones or tablets, and 22 percent stated "they don't have security measures in place so that they can share more easily."

See also: Barriers to BYOD? A lack of trust in employers to protect privacy

Notably, Aruba's research revealed 39 percent of respondents from financial institutions admitted to losing company data, which is 25 percent higher than the average industry surveyed. In addition, albeit ironically, high-tech staff are nearly two times more likely than hospitality or education employees to give up device passwords if asked for by IT.

In terms of age, the research suggests that respondents over the age of 55 were half as likely to experience data theft or loss of personal and client data. The highest rate of data and identity theft was suffered by workers within the 25 - 34 year-old age bracket.

Another major security trend which emerged within the report is willingness to perform self-service IT. Rather than wait on the line to get in touch with IT departments, 77 percent of respondents said they would be willing to deal with challenges themselves. This may be a hook for companies to improve their security in a BYOD world, as long as they are willing to provide basic training in correct mobile device usage and security to staff -- especially as 37 percent of companies do not have a basic mobile security policy in place.

Ben Gibson, CMO of Aruba Networks commented:

"These trends underline that #GenMobile employees continue to be a growing part of the everyday workforce, but they also bring with them some risky behaviors. In a contemporary connected world, firms need to nurture creativity, while at the same time minimize the risk of data and information loss.
As a result, employers need to take an adaptive trust approach to connectivity and data security, identifying individual worker preferences that factor multiple layers of contextual information in order to build secure infrastructures around them."

Read on: In the world of security

Editorial standards