Most security policies are outdated: Are yours?

Personal mobile devices are the biggest threat to a company’s security, according to a recent survey – but many IT departments’ policies don’t reflect that fact.

Personal mobile devices are the number one security threat businesses face today, according to 58% of the IT pros surveyed recently by the Information Systems Audit and Control Association (ISACA).

Just 33% chose work-issued devices, such as phones, laptops, tablets computers, broadband cards and flash drives, as the primary source of risk in their companies.

Despite the recent wave of users bringing their own technology to work, just under half (49%) of businesses said they had updated security policies that reflect the new threats.

One reason companies have been hesitant to act: IT pros recognize that, while users’ personal gadgets pose a risk, there is also some benefit to allowing people to use their own technology.

Among the businesses surveyed:

  1. 26% said the benefits outweigh the risks
  2. 36% said the benefits and risks are balanced, and
  3. 37% said the risks outweigh the benefits.

What are the benefits? Companies often cite improved morale, higher productivity and lower costs as reasons to let employees work with their own devices.

The key for many businesses is finding a balance and keeping the company’s network secure without a complete ban. Experts recommend IT:

  1. specify what devices the company will and won’t support — some are more secure than others
  2. require devices to be outfitted with encryption and user authentication tools
  3. install remote wipe software on devices so data can be cleared if the device is lost or stolen, and
  4. develop policies describing how the device will be used and what information can and can’t be stored on it.