BYOD Considered a Personal Security Risk by Employees: Varonis

The online survey of 168 companies found that half had lost a device with important company data on it.

While the rise of bring your own device (BYOD) programs is giving employees greater flexibility regarding where, when and on what platform they are productive, 57 percent of employees believe that BYOD puts their personal data at risk as well, according to a report from data governance software specialist Varonis.

The online survey of 168 companies found that half had lost a device with important company data on it. More worrisome is the fact that 22 percent of the respondents reported a lost device had created security implications. In further analyzing personal device security, Varonis discovered that 13 percent said they didn’t even have device-level password protection in place-- the most basic security measure.

However, it was unclear whether there is a connection between BYOD policies and security consequences. Respondents who reported working in an environment without a BYOD policy reported a slightly higher rate of security implications (26 percent) when a device was lost compared to the overall average, while those in an environment with a BYOD policy experienced closer to the average rate (21 percent).

Regardless of whether they are in a BYOD-approved environment, employees equally appear to be device-obsessed, with nearly 86 percent of employees using their devices for work all day and night. A little under half (44 percent) of respondents reported doing so even during meals. Additionally, 20 percent of respondents consider themselves "borderline workaholic," with 15 percent bringing their devices on vacation, and 7 percent claiming that their work and home lives are one.

"Being connected to work around the clock appears to be accepted as the new normal," Varonis vice president of strategy David Gibson said in a statement. "While organizations are capturing the many benefits of BYOD -- and the willingness of the workforce to embrace this style of working -- companies must protect themselves by developing a BYOD policy that lets people know what is and isn't allowed."

The survey also revealed that only about 26 percent companies completely forbid access to corporate data. The 74 percent of companies that do allow access either have a formal BYOD policy (41 percent) or lack an official BYOD policy but have a permissive environment (33 percent). The most popular method to secure mobile devices is password protection (57 percent), followed by 35 percent who wipe devices remotely and 24 percent who use encryption.

"Whether it’s officially sanctioned through BYOD programs or employees simply using their gadgets during work hours, smartphones and other consumer-grade mobile hardware are now an accepted part of corporate IT environments," the report concluded. "The survey shows that they are carrying their habits of checking emails and other information as they use officially approved personal devices during work. With the blurring of lines between personal and business on mobile devices, the question faced by corporations is how seriously they will enforce policies."