BYOD is increasingly popular in the workplace, but half of organizations are exposing themselves to unnecessary extra risks by not implementing a clear policy on usage, according to Bitglass.
The security vendor polled 150 IT and security professionals at Cloud Expo Europe in London earlier this year.
It revealed that 74% are allowing employees to use their personal devices at work, but 47% either don’t have a policy in place to manage them, or don’t know if one existed.
Particularly baffling were the findings that unmanaged devices were considered the top blind spot for data leakage, with 31% agreeing. However, just 16% cited this as a top security priority for the coming year. Instead, malware protection (26%) came top.
Also concerning was the fact that over a quarter of respondents (28%) claimed they don’t enforce any multi-factor authentication (MFA) to protect personal devices.
Steve Armstrong, regional director at Bitglass, argued that BYOD can drive improved productivity, cost savings and talent retention, but in so doing may increase the risk of data loss if proper policies and security controls aren’t put in place.
“In order to securely reap the benefits of BYOD, organizations need advanced tools such as user and entity behavior analytics (UEBA) and data loss prevention (DLP),” he added.
“Additionally, they must be able to selectively wipe corporate data from personal devices without affecting the personal data therein. However, for deployments to be successful, these capabilities need to be implemented through an agentless solution that won’t hinder user privacy or device functionality.”
A study from 2018 revealed that 61% of UK small businesses experienced a cybersecurity incident following their introduction of BYOD.
A government breaches survey from earlier this year claimed that the use of personal devices “tend to be less commonly covered” by cybersecurity policies.