We're celebrating 10 Days of Membership! Today's Gift: $20 off your professional membership with promo 10DAYS20OFF
Training, policies and tools to help HR prevent and respond to harassment claims.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Develop your HR competencies and knowledge in-person in 12 U.S. cities or virtually.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
The bring-your-own-device (BYOD) movement may be popular with employees, but it may also be putting corporate data at risk due to a lack of adequate security controls, employer policies and employee education, according to a survey conducted by Coalfire, an IT governance, risk and compliance services company.
Calling BYOD—where employees bring their smart phones, tablets and laptops to work and connect to corporate networks—a “megatrend,” Coalfire said that the movement toward employee-owned devices is introducing a number of new security risks and that companies need to do much more to protect their infrastructure.
“Gone are the days where security professionals can lock down a finite set of machines and facilities. Instead, they must manage an ever-growing, ever-changing landscape of employees, devices and applications, many of which have access to information that needs to be protected,” said Mike Weber and Christopher Lietz, authors of the report.
Mobile Device Security Begins with a Password
The study, based on a poll of approximately 400 non-IT department individuals in a variety of industries, found 47 percent of respondents have no passcode on their mobile phone, even though 84 percent of individuals stated that they use the same smart phone for personal and work usage.
Sixty-eight percent of respondents reported that they used a laptop, with 31 percent of those laptops having been issued to them by their company. Tablets were a distant third in the survey, used by only 20 percent of responders and are almost all owned by the employee.
Mobile device security appears to be best understood when a laptop is being used, the survey found: 80 percent of laptop users employ passwords. Only 58 percent of tablet users employ this important layer of protection.
When they learned that a strong password meant using at least 8 characters, including letters, numbers and symbols, just half of smart phone user respondents claimed to have strong passwords. Tablet and laptop users were more confident, with 62 percent and 76 percent claiming to have strong passwords.
Risky Mobile Device Behaviors
Another set of questions in the survey focused on user behavior, specifically the susceptibility in using insecure networks, e-mail phishing, malware downloads, shared passwords and plain bad practices.
Six in 10 respondents said they still write passwords down on a piece of paper while 36 percent of workers said they reuse the same password for different accounts. Thirty-two percent admitted to having joined unsecured, public Wi-Fi networks. Nearly four in 10 confessed to having clicked on links from e-mails purporting to be from financial institutions, a common phishing trap, while half of respondents said they clicked on links through social media.
“This is especially worrisome when coupled with users’ access privileges,” the authors wrote.
Thirty percent of smart phone users acknowledged that they have access to sensitive information, and another 16 percent weren’t sure if they have such access. Tablet users gave similar responses (34 percent and 13 percent, respectively).
Company Policies Also to Blame for Weak BYOD Security
Employees are not solely to blame for potential security risks associated with BYOD.
Sixty-one percent of respondents said they had no knowledge of a company social media policy, and 62 percent said the same about policies for mobile device usage. “In conducting an IT security review, our auditors often find that our clients have policies, but employees don’t know about them,” Coalfire said.
Only 25 percent of the survey takers reported a discussion from IT about mobile security, and a whopping 79 percent of respondents didn’t know that IT could deactivate and erase the data on lost devices.
Recommendations to Help Secure Data on Mobile Devices
Coalfire offered the following recommendations:
“Mobile devices have arrived in the workplace, and it’s a win-win situation when employees provision their own devices, helping to lower costs and increase productivity. But you must know the risks and manage them,” the authors concluded.
Roy Maurer is a staff writer for SHRM.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 3,200 companies