Company and employee disconnect on BYOD security policies

Many employees do not take adequate steps to protect company information, a weakness that could result in critical security breakdowns, according to Webroot.

Key findings:

  • More than twice as many workers report using personal devices than those using devices issued by their employers, indicating a potential IT security gap
  • 60% of those using a mobile device for business have either no security or just the default features set on the phone
  • Nearly half say they would stop using their device(s) for work altogether if corporate policy required that they install a security app on personal devices used for work purposes
  • Employers being able to access employees’ personal data emerged as the top worry, with a majority describing themselves as either extremely concerned or very concerned about this
  • 73% agree that employees should have some influence on software or security installed on personal devices used for work.

The new survey, based on data collected by Harris Interactive, features perspective from more than 2,000 working professionals in the U.S. It concluded that while 62 percent of employees would be receptive to security software on personal devices, these requirements would need to be communicated clearly by their employer.

While allowing such devices to access company data provides real business benefits, it can also expose business to higher risk of security threats, including phishing attacks, malware, and browser hijacking.

“Companies gain a lot in terms of increased productivity and lower expenses by allowing their employees to use personal devices to access corporate data, but it can create a real challenge for the IT department to secure devices they do not control,” said Mike Malloy, executive vice president of products and strategy at Webroot. “We believe a good mobile security app is a critical part of the solution, but the company must work with its employees by proactively communicating and making them part of the security process to get compliance.”

The BYOD Bill of Rights was created as a guideline to bridge the gap between employees’ preferences and the needs of the organization. All professionals should have the following rights regarding their personal devices:

  • Privacy over their personal information
  • Be included in decisions that impact their personal device and data
  • Choose whether or not to use their personal device for work
  • Stop using their personal device for work at any time
  • Back up their personal data in the case of a remote wipe
  • Operate a device that is unencumbered by security apps that significantly degrade speed and battery life
  • Be informed about any device infections, remediation or other activity that might affect device performance or privacy
  • Download safe apps on their personal device.