3 areas where BYOD security is still lacking

Companies are creating BYOD policies and managing users’ personal devices. But recent research highlights some of the mistakes many organizations are still making.

Senior employees are exempt from the rules

Personal device policies are becoming more common in companies. However, not everyone in the company is being asked to follow the rules for BYOD, according to a recent survey conducted by the Ponemon Institute.

Among the 570 IT professionals surveyed, 25% say their company makes policy exceptions for executives.

Of course, a policy isn’t worth much if not everyone has to follow it. And making exceptions is especially dangerous in this case because those senior employees are typically the ones whose mobile devices will be holding the most sensitive information.

Users aren’t trained on BYOD security risks

Many of the new security threats created by personal devices stem from how people use those devices. However, 80% of companies admit they haven’t trained users on the new risks BYOD creates.

As a result, most (77%) say users don’t understand mobile security risks.

Even simple education can have a big impact. At this year’s CITE Conference in San Francisco, Steve Damadeo, IT Operations Manager for Festo Corporation, recounted how his company got people on board with a policy change increasing the minimum length for a smartphone passcode from four to eight digits.

The focus of the lesson wasn’t on company data — since employees are using personal devices, IT asked them how important it was to protect their personal privacy. Then a staffer demonstrated how a four-digit passcode could be cracked in 15 minutes, whereas an eight-digit code takes more than 60 days.

Data isn’t wiped when users leave

While it’s important to secure data on current users’ personal devices, it may be just as important to make sure that BYOD data isn’t misused when employees leave.

However, only 21% of companies say they perform a remote wipe of corporate data when someone’s employment ends.

Companies can minimize risks by using Mobile Device Management (MDM) software or other tools that make it easy to separate a phone’s contents into work and personal data, making the wipe simpler.

In addition, companies can keep all data stored on the company’s servers and allow users to access it through the cloud, rather than loading it onto their devices. That way, IT can simply remove an employee’s access privileges once that person is no longer employed by the organization.
