15% of firms have no BYOD policy in place

15% of firms have no BYOD policy in place

Despite the rapid rise of employees using their own smartphones and tablets for work-related purposes, a new survey has indicated that 15 per cent of firms allowing the bring your own device trend in the US have no security policies in place.

This means there is a distinct lack of rules and regulations governing how mobile devices are used within the organisation and what can be accessed through them.

According to the ThreatMetrix study, which canvassed the opinions of business managers and IT executives in the retail and finance industries on their security measures concerning BYOD, one-in-four said they allow their workers to use personal mobile devices.

Despite this level of BYOD being present among the companies questioned, which will be making use of the increased efficiency and productivity the trend provides, 15 per cent were found not to have measures in place to make sure employees are using their own devices in a secure and safe manner that does not put the company and any sensitive information it owns in danger.

Of those managers and IT executives that admitted to allowing their workers to use personal devices, 70 per cent said they grant access to company emails, just over half (53 per cent) enable staff to access websites, with just 16 per cent allowing access to very sensitive data such as file servers and 13 per cent approving the viewing of financial information.

While the firm commended companies for not allowing staff access to very sensitive information, it did warn that criminals gaining entry to company email addresses could expose information and cause sever damage to the business and its reputation.

It noted that without a layered approach to security issues, employees' personal smartphones and tablets can unwittingly expose the corporate documents of a company to fraud and even malware.

Andreas Baumhof, chief technology officer, ThreatMetrix noted that it is certainly the case that embracing BYOD can provide a more efficient and productive workforce and business, companies "cannot ignore the additional risk of unknown devices connecting to corporate networks".

He added: "As BYOD becomes commonplace across industries, a layered security approach, including device identification and malware protection is crucial to protect corporate and customer data."

Mr Baumhof explained that businesses within the retail and financial industries need to implement preventative measures when it comes to the use of employee- and company-owned devices in and away from the workplace.

He noted that "highly sophisticated" cybercrime threats continue to pose a danger to organisations taking advantage of the BYOD trend.

"Ensuring that every device can be safely used in the workplace is a challenge for which few organisations are prepared. However, implementing robust BYOD policies and cybercrime prevention solutions can stop cybercriminals in their tracks and protect sensitive data."

One way of developing a more secure environment for the use of employee-owned personal smartphones and tablets is through the addition of mobile device management tools, which give the businesses greater control over data once it leaves the workplace, enabling remote wiping of data should a device be lost or stolen.