Where BYOD policies fail: It comes down to users

Most workers today want to be able to work from their own mobile devices at least some of the time, yet security will still present a major problem. So what’s keeping BYOD programs from being effective? In short, it’s the users themselves. 

Raytheon recently surveyed IT pros about their BYOD programs as part of its Security in the New Mobile Ecosystem report. While the report highlighted several security concerns that come with mobile devices and their associated apps, one question stands out for nailing down the security threat.

When asked what the biggest barriers to implementing a BYOD program were, respondents said:

  • users not wanting the company to have control over their personal devices (34%)
  • difficulty managing devices (30%), and
  • employees fearing loss of personal data (13%).

Of those top three concerns, two boil down to users not really trusting IT with their personal devices. With so much of their lives spent on and around these phones, that’s actually a pretty understandable concern.

Users present BYOD security risks, too

But the lack of trust would seem to cut both ways. According to the report, 56% of respondents indicated that employee resistance was the biggest obstacle to effective mobile security.

On top of that, 60% of respondents said that the use of mobile devices in the workplace has diminished users’ security practices, and 52% said security practices on mobile devices had been compromised in order to improve productivity.

In short, while users see IT as a threat to their mobile devices, many in IT see mobile devices as a threat to information security. And as a result, BYOD programs can seem unwelcome by both sides.

Finding common ground

Communication is an important, and sometimes overlooked, part of any BYOD program. It can be helpful to establish a few truths with users:

  • IT doesn’t want them to lose personal data or device access any more than they do
  • Security is important not only for your BYOD program, but also for users’ own devices, and
  • much like users, IT’s primary goal for allowing personal devices is to increase productivity, not to compel security measures.

If users are still skeptical, you may want to consider giving a range of options. Most users reported that their mobile devices are primarily used for the most basic of work functions: email, texts, calls and contact lists. If you can get away with offering a basic, email and contacts only mobile option that users could elect to take instead of having more cumbersome security, that could prove beneficial for both parties. That way, users wouldn’t have to worry about too much IT control of the device, and IT would only need to protect one aspect of the device.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy