3 steps companies aren’t taking to get ready for personal devices

Employees are bringing personal devices to work, and IT has no choice but to prepare for BYOD. However, a recent survey shows some critical steps that most organizations haven’t taken. 

While both IT departments and end users see the benefits of BYOD, many companies lag behind when it comes to protecting the organization and its data, according to a recent survey from CITA.

These are some of the biggest steps the organizations surveyed aren’t taking:

1. Get everyone on the same page

It shouldn’t surprise IT managers that many users aren’t very knowledgeable about mobile security risks and why it’s a bad idea to bring in a personal device without taking any security precautions.

But there was a surprising revelation in CITA’s survey: Many IT pros don’t know much about BYOD, either.

Close to half of users (47%) have never heard of BYOD at all, and just 30% are somewhat or very familiar with it.

IT pros are doing better, but still, just over half (55%) of IT employees are familiar with BYOD, and 26% had never heard of it at all.

That lack of knowledge may explain why IT departments are often in the dark about how many employees are using personal devices. The majority of the 250 IT pros surveyed believe fewer than 25% of workers use a personal device on a regular basis. However, 57% of the 1,000 users surveyed reported doing so.

The first step for companies to effectively manage BYOD: Get everyone in the company on the same page. That means having IT communicate with department managers about what the company’s policy will be and how it will be enforced.

2. Communicate the policy

The good news: As more users bring in personal devices, more companies are catching up and writing BYOD policies. But the bad news is that many employees have no idea that their company even has a policy about personal devices.

The majority of companies (58%) now have a BYOD policy in place, according to the IT pros surveyed. But close to half (47%) of the employees surveyed said there was no policy, while 13% had no idea if there were any rules.

The bottom line: A policy does no good if the people it’s supposed to cover aren’t aware of it.

3. Configure and approve devices

One key element of the BYOD policy should be restrictions on what devices employees are allowed to use. Some smartphones and tablets are more secure than others, and IT needs to make sure that all necessary security features are available and enabled.

However, in a recent survey from the Ponemon Institute, 61% of companies said they don’t require personal devices to be tested to make sure their security is up to par.

The CITA poll shows that many organizations aren’t enforcing even the most basic security precautions for devices used as part of a BYOD program. For example:

  • Just 46% require password or PIN protection
  • Only 38% require that mobile antivirus programs be installed
  • Just 26% have installed apps that can remotely wipe or lock a device, and
  • Only 24% restrict what employees can download on those devices.