BYOD Putting Organizations at Risk, Study Finds
As BYOD increases in prevalence, organizations are repeatedly hearing that policies are essential. Yet the majority of businesses are failing to heed the warnings about BYOD security risks. A recent study found that 73 percent of IT leaders felt their data was at risk due to workers accessing work information on personal devices. Of those organizations that have put BYOD in place, only 48 percent of IT leaders and 35 percent of IT professionals feel the policy is crystal clear.
The Risks
In addition to concerns about data risk, the study also revealed that BYOD could put organizations at risk of non-compliance. More than one-third of respondents reported they weren’t confident their BYOD policies meet government compliance standards. Non-compliance puts organizations at risk of hefty fines.
In addition to government fines, businesses face exorbitant financial consequences when data is compromised. One security breach often results in notifying thousands of customers, which takes time and financial resources from a company. The damage to a company’s reputation also results in a financial loss once customers feel their data is unsafe with that company.
BYOD Policies
Crafting a BYOD policy is only one phase of the process. Businesses should emphasize the importance of safe technology use through at least one training session. During this session, employees should be warned of the risks of BYOD, including the possibility of the device being confiscated during legal discovery and remotely wiped if it is reported lost. Workers should also be required to sign off on the policy before access to servers is granted.
In addition to putting a policy in place, security policies should be set at the server level that will protect the organization against those who are aware of the policies, yet choose to violate them anyway. Businesses can create policies and inform workers of them but unfortunately, there will still be workers who choose to disregard them. Safeguarding data at the server level is the safest way to protect that data from employee behavior.