Back in 2012, our research into CIOs’ attitudes towards security threw up some interesting insights into IT leaders’ attitudes towards BYOD (Bring Your Own Device). Now, almost a year on, a new Gemalto study has shed further light on the BYOD phenomenon: this time from the point-of-view of employees.
In a whitepaper, entitled ‘The Weakest Link’, our research shows that companies’ own employees may pose a greater risk to their overall security than any other external factors. The BYOD trend is playing a big part in this, as the proliferation of internet-enabled devices means more connections to the corporate network. According to our findings, a third of employees use their personal devices on their company’s network despite knowing that it is officially forbidden.
But it is what these users don’t know that poses the greater risk to their employers. Those using their own devices in the workplace were found to have a lower than average awareness of their organisation’s security policy, with just 63 percent saying that they were fully up-to-speed. Meanwhile, only 57 percent said that they had the latest security technology installed on their devices, and ensured that it was kept up-to-date. Perhaps most worryingly, they appeared to be at greater risk of having their accounts compromised: 15 fifteen of BYOD users said that they had had a social media account hacked, which was double the level of those who used only their company’s devices.
The paper also reveals some interesting details of the individuals most likely to be practicing BYOD, helping us to build up a profile of the employees who may be putting their companies at risk. Perhaps unsurprisingly, senior managers are more likely to be using their own devices, as it is they who are most likely to be travelling, presenting to clients and conducting other tasks that require increased mobility. Similarly, it stands to reason that knowledge workers and those in technology-focused roles are most likely to be BYOD advocates.
One would expect senior, tech-savvy employees to be more risk-aware, yet when it comes to BYOD, it would seem that the opposite is true, and that these workers are putting their employers at risk by inadvertently (and, in some cases, wilfully) contravening their organisation’s security guidelines. If it is indeed the case that a company’s security controls are ‘only as strong as their weakest link’, then there is plenty of evidence in this whitepaper that should have business owners and CSOs worried.
Gemalto is addressing the security challenges of BYOD and other IT security issues by creating solutions designed specifically for enterprise security. My colleagues and I will be discussing this topic with fellow IT professionals at the upcoming Infosecurity event in London. Drop by our booth D95.
To download a copy of the research, you can click here and stay tuned for other articles from our “Weakest Link” series.