BYOD Initiatives Have Value, Despite Risks: Symantec

The survey indicated organizations treat BYOD and corporate-controlled devices differently.

While most organizations allow employees to use personal mobile devices for business purposes, they also accept that doing so will likely result in a mobile security incident, according to Symantec.

Although the implementation of bring-your-own-device (BYOD) initiatives is worth the risk, IT leaders need technology to enforce policies and protect their organizations from mobile security incidents, according to a survey of 236 Symantec Vision conference attendees conducted by the security solutions specialist.

The majority of organizations reported at least one mobile security incident within the past 12 months, with the top mobility incidents businesses experienced in the past 12 months including lost or stolen devices (60 percent), spam (60 percent), malware infections (43 percent), phishing attacks (40 percent), and exposure of confidential information (19 percent).

Although 70 percent of organizations reported that the benefits of mobility are equal to or greater than the risks and challenges associated with having mobile devices, 59 percent of respondents reported that their organizations do not yet give their employees the same productivity apps on BYOD and corporate-owned devices.

The survey indicated organizations treat BYOD and corporate-controlled devices differently, with 83 percent of organizations still allowing employees to use personally owned devices for business use. However, 42 percent of employees use a personally owned mobile device for business regardless of their company policy.

While a majority (80 percent) of organizations enforce their policies, only 68 percent use technology to enforce it. Surprisingly, one in 10 organizations (11 percent) use human-resources controls to enforce these policies, which typically means they operate on the honor system or base their enforcement on the whistle blowing of other employees.

Sixty percent of organizations said that managing mobility is a challenge for them. As a result, 90 percent turn to mobility management technology to help them secure, provision, configure and otherwise protect their organization’s data that resides on the mobile devices of their company and employees.

The top four applications that employees use for business purposes or to access business information from their personally owned mobile devices in the past 12 months were a Web browser (72 percent), email (58 percent), contacts (56 percent) and a calendar application (55 percent).

Ninety percent of U.S. employees used their personal smartphones for work within the past year, yet only 46 percent believe their employers are prepared for any issues that could arise from BYOD, according to a March study in which a network of Cisco partners polled 1,000 consumers.

The survey revealed that 39 percent of employee's personal devices are not password-protected, and found just more than half (52 percent) reported accessing unsecured WiFi networks with their devices, a well-known vulnerability in the cyber-security industry.

The results indicated security issues go deeper than password protection and WiFi access. A large number of BYOD users don't even consider that their phones' Bluetooth discoverable modes may still be on, and 48 percent of work smartphone users haven't disabled the feature on their devices. If a security issue were to arise, 86 percent of workers said their employers couldn’t remotely wipe their device's data--that includes if the device is lost or stolen.