BYOD exceptions expose Aussie organisations to data security vulnerabilities: Acronis

Most companies don't have a BYOD policy, and of those that do, a quarter give C-suite executives special treatment, according to a survey by data backup vendor Acronis.

C-level executives that get special treatment when it comes to bring-your-own-device (BYOD) policies are exposing their organisations to security risks, according to data backup vendor Acronis.

In Acronis' 2013 Data Protection Trends Research report, the vendor surveyed over 4,300 IT professionals across eight countries, with 390 of them in Australia.

According to the report, 57 percent of Australian organisations do not have a BYOD policy, and 33 percent don't even allow personal devices to access the corporate network. For the rest that do allow BYOD, 27 percent of them give exceptions to BYOD policies to C-level executives.

"Often, the exceptions are made for C-level executives because they want to have certain availability and access to data," Acronis sales manager for Australia and New Zealand Simon Howe told ZDNet. "But typically, you would imagine the C-levels will have the most critical data and giving them exceptions to BYOD policies are a security risk."

Giving employees a chance to bypass BYOD policies, particularly with more senior-level representatives, is an open invitation for data loss and serious compliance issues, according to the vendor.

"There shouldn't be any exceptions at all," Howe said.

Australian organisations have been found to be rather lax with implementing basic IT security measures, as well.

Only 31 percent of local companies mandate device passwords or key locks on personal devices, and a paltry 15 percent perform remote wipes on employee devices when they depart from the business.

Educating employees on BYOD is also critical for protecting organisations from security breaches. Around 79 percent of Australian companies haven't educated their staff on BYOD privacy risks at all.

"One of the first steps companies can do that don't yet have BYOD is to simply just train staff on the appropriate use of data on those mobile devices," Howe said.