Businesses understand but ignore BYOD risk
Survey suggests firms know the risks but don't have the resources to address them
A quiz of 4,500 IT staff in 83 countries suggests that organisations do in fact understand the security from within and with BYOD -- although few were doing much about it.
The Risk/Reward Barometer 2012 study was carried out by global IT professional organisation ISACA. A consistently high percentage of respondents understood, for example, that storing passwords in a file on a personal device is a high-risk practice in the enterprise.
According to ISACA, the survey – which polled many IT professionals at management level and higher online between 23 and 25 October – also illustrated that companies view individual behaviour as high risk, with BYOD issues still to be solved.
Other activities and events identified by most as high risk included: loss of a work-supplied computer or smartphone; use of online file-sharing services for work documents; and travelling with business data on a mobile device.
Ramsés Gallego, international vice president of ISACA and security strategist for Dell Quest Software, added that the poll also confirmed that many are struggling to keep pace and manage their risk.
"Organisations must embrace BYOD, as it's the way people want to work. And, while BYOD sounds like an invitation to bring a personal device [to work], the truth is people are using their devices whether the organisation wants them to or not," Gallego said.
"The bottom line is protecting data, and ultimately the brand. For many, this may mean the capability to remote wipe devices – regardless of ownership – when a serious risk is inevitable."
While the risk was conceded and understood, less than half of respondents said they encrypted data stored on personal devices, used password management systems or had remote wipe capability.
Most also do not prohibit or restrict the use of location-based apps that could be used to track a staff member. Lack of management support and of resources were the reasons generally given.