BYOD Businesses Still Lack Effective Security Policies

Survey results suggested that unless an organization has a strong policy to govern BYOD usage, the company could be put in a precarious position.

A majority of businesses (53 percent) are unprepared to deal with hacked or stolen bring-your-own-device (BYOD) technologies, even though half indicated company-owned tablets, notebooks and smartphones may have been hacked in the last 12 months, according to a report from ITIC and KnowBe4.

The survey results indicate that 65 percent of businesses now allow end users to bring their own devices and use them as corporate desktop or mobile devices to access organizational data, including email, applications and sensitive data.

BYOD usage can help businesses reduce expenditures and lower the administrative burdens of IT departments as end users manage, maintain and in many cases pay for their own devices.

However, the rise in BYOD, mobility and remote and telecommuting users potentially increases the risk of security breaches.

The findings are part of a joint study conducted by ITIC, a research and consulting firm based in the Boston area specializing in conducting independent surveys tracking crucial trends, and KnowBe4, a security awareness training firm.

The survey polled 250 companies worldwide in February 2014, finding that 55 percent of organizations are not increasing or fortifying their existing security measures despite the recent spate of high-profile security attacks against companies like Target, Skype, Snapchat and others.

"Mobile devices are the new target-rich environment," Kevin Mitnick, KnowBe4’s chief hacking officer, said in a statement. "Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes of the PC era that resulted in untold system downtime and billions of dollars in economic loss."

Survey results suggested that unless the corporation has strong, effective policy, procedure and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or, more likely, hacked, a real possibility in recent times.

Eighty percent of firms surveyed said they consider strong anti-virus, intrusion detection and firewalls the most important or critical element and most effective mechanism to safeguard their networks, followed by endpoint security.

Some 60 percent of survey participants cited physically limiting access to the server room and data center, and providing end-user security awareness training as also being crucial to maintaining security.

"These survey findings should galvanize corporations to proactively safeguard data in advance of an expensive and potentially crippling loss or hack," ITIC principal analyst Laura DiDio said in a statement.

Some 45 percent of businesses surveyed indicated they are taking additional security measures. The top three most popular security mechanisms include installing the latest security fixes and patches (49 percent), conducting security audits and vulnerability testing (36 percent) and initiating computer security training for IT and end users.

The survey also indicated organizations remain divided on who bears responsibility for BYOD device security. More than four out of 10 businesses, 43 percent, currently have no designated BYOD security policies.