While IT sweats BYOD policies, users reject them

Two recent reports show that neither users nor IT are particularly comfortable with BYOD as it stands today. And while IT is working to refine these policies, users are likely to ignore them. 

According to a recent TEKSystems survey, an alarming 64% of IT pros don’t have a BYOD policy in place. A majority (72%) of these respondents also said that they believed sensitive company data is at risk due to employees accessing information from personal devices.

A lack of BYOD policies and worrying about data being lost on personal devices would seem to go hand-in-hand, but the news gets worse. Even when companies do have BYOD policies, a large group of workers seems less than inclined to follow them to the letter according to a separate survey.

Fortinet recently surveyed 21- to 32-year-old employees on personal device usage at work. More than half (55%) had experienced attacks on personal devices, yet only 14% said they’d report such attacks to IT if the device was used for work.

Worse still, more than half (51%) said they would violate BYOD policies that restricted the use of personal devices for work. And to top it all off:

  • 70% have used personal cloud accounts for storing work information, and
  • 33% admit to storing customer data on those accounts.

BYOD policies need to meet workers where they are

Banning personal devices or cloud accounts outright probably won’t work. Younger employees (and many others, too) reject these kinds of rules as too limiting.

Instead it’s important to have BYOD policies that explain what can be done from personal devices and what cloud accounts are acceptable for storing work.

These policies should include:

  • basic security measures workers will be responsible for, such as having passwords on devices or registering them with IT
  • instructions on how to report a lost, stolen or compromised device
  • tasks which are allowed to be conducted from personal devices as well as those that aren’t allowed to be done from non-company equipment, and
  • discipline measures that can result from violating policies.

It’s likely too late to institute bans on every personal device or service. Instead, try to get users to work safely without suffering any hits to productivity.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy