Gartner research reveals that U.S. businesses potentially have an enormous hole in their security programs due to a lack of policies, user awareness, and enforcement regarding BYOD.
While over one-quarter of organizations require employees to use their personal devices for work, only 15% were instructed to adhere to a BYOD policy, and about one-third said their company has no formal BYOD policy in place at all.
The rest of the approximately 1000 U.S. business employees surveyed said their employer was either not aware of personal device use for work or they simply didn’t know if any policies were in place.
“This means 59 percent of survey respondents who regularly use their private devices for work have not yet signed a formal agreement with their employer,” wrote Gartner analyst Meike Escherich.
“The threat of cyber attacks on mobile devices is increasing and can result in data loss, security breaches and compliance/regulatory violations. One of the biggest challenges for IT leaders is making sure that their users fully understand the implications of faulty mobile security practices and to get users and management to adhere to essential steps which secure their mobile devices. For many organizations, overcoming BYOD security challenges is a full-time task, with a host of operational issues.”
Another issue highlighted in the research is that employees are either not aware of the steps they should take in the event of a mobile security incident or are simply not reporting incidents at all: fully a quarter admitted they have experienced security problems with their personal mobile device, but only 27% reported the issue to their organization.
“The key to having a secure device is making sure it is well-managed. Enterprises are being compelled to make decisions about whether or not to allow employee-owned devices to access their enterprise’s network and information,” Escherich said.
“Failure to embrace BYOD will force it underground and into the shadows, where it will have the potential to publicly expose private data and open the enterprise to a data breach situation.”