Employees who BYOD leave basic security behind, study finds
- By Kevin McCaney
- Apr 09, 2012
Eighty-one percent of people surveyed in a new study say they use a
personal device for work — and more than half of them fail to take the
most basic steps to secure their devices and data.
And they’re using those devices for work whether their employers have
officially OK’d it or not. Sixty-six percent of those using a personal
device for work say their organization does not have a “bring your own
The survey, conducted online in February by ESET and Harris
Interactive, included 1,320 employed U.S. adults, sought to determine
the extent of BYOD practices and how well, or poorly, those devices are
being secured, according to a by ESET security researcher Cameron Camp.
Organizations in dark as employees party on with BYOD
Personal mobile devices give agencies an IT headache
For one thing, it found that BYOD doesn’t always have to mean smart
phones and tablets. Desktop PCs, for example, were the personal devices
most commonly used for work.
The breakdown of devices used for work:
- Desktop, 56 percent.
- Laptop, 51 percent.
- Smart phone, 38 percent.
- Tablet, 15 percent.
- Other, 4 percent.
- None, 19 percent.
More important than just using their devices for work-related tasks,
which could be as simple as checking e-mail via Web access, is whether
they use those devices to store access and/or company information. Those
numbers from the survey:
- Desktop, 47 percent.
- Laptop, 41 percent.
- Smart phone, 24 percent.
- Tablet, 10 percent.
Camp said those numbers reflect a “fairly logical adoption curve,”
with established, and still more prevalent, devices such as desktop and
laptops being used more often for work.
But concern over BYOD has grown recently in connection with mobile
devices, as more and more people buy them, travel with them, and mix
business and personal activity on them. Government agencies have been
working on BYOD policies at least in part out of recognition that the
use of mobile devices for work is inevitable.
And mobile devices, which can be easily lost or stolen and can pick
up infections via some of the apps that abound for them, aren’t often
being secured, the survey found.
Auto-locking features, a basic step that offers at least some
protection if a smart phone or tablet is lost, are largely being
ignored, according to the survey results. Less than 10 percent of people
using tablets for work have enabled auto-lock; about 25 percent of
smart-phone users have, and about a third of laptop users.
Auto-lock with password protection was in use for less that 50
percent of laptop users, less than one-third of smart-phone users and
only 10 percent of tablet users, according to the survey.
Overall, company data was being encrypted on only about a third of BYOD devices.
The upshot of the study: Personal devices, and increasingly mobile
ones, are being used to access and store data at work, and fewer than
half of them are being secured by even the most basic protective
As organizations develop their own BYOD policies, Camp recommended
they could immediately increase their security by implementing those
basic steps: turning on auto-locking, setting up password protection and
Kevin McCaney is a former editor of Defense Systems and GCN.