BYOD Policies Unimportant to Generation Y: Fortinet

Among the worrying findings, 14 percent of respondents would not tell an employer if a personal device they used for work purposes was compromised.

There is a growing appetite of Generation Y employees to contravene corporate policies governing use of devices, personal cloud storage accounts and new technologies such as smart watches, Google Glass and connected cars, according to a survey by network security specialist Fortinet.

More than half (51 percent) stated they would contravene any policy in place banning the use of personal devices at work or for work purposes, and 36 percent of respondents using their own personal cloud storage (such as DropBox or WeTransfer) accounts for work purposes said they would break any rules brought in to stop them.

Among one of the worrying findings of the research, 14 percent of respondents said they would not tell an employer if a personal device they used for work purposes became compromised.

However, the survey also hinted at a direct correlation between bring-your-own-device (BYOD) usage and threat literacy. For example, the results indicated that the more frequent the BYOD habit, the better a respondent’s understanding of threats.

The report noted this was a positive finding for organizations when considering if or when to bring policies in alongside training on the risks. At the same time, when questioned on threats such as advanced persistant threats (APTs), distributed denial of service (DDoS), botnets and pharming, up to 52 percent appear completely uneducated on these types of threats.

"This year’s research reveals the issues faced by organizations when attempting to enforce policies around BYOD, cloud application usage and soon the adoption of new connected technologies," John Maddison, vice president of marketing for Fortinet, said in a statement. "There is now more than ever a requirement for security intelligence to be implemented at the network level in order to enable control of user activity based on devices, applications being used and locations."

In addition, 89 percent of respondents had a personal account for at least one cloud storage service with DropBox, accounting for 38 percent of the total sample.

Seventy of the personal account holders have used their accounts for work purposes, and 12 percent of this group admits to storing work passwords using these accounts, 16 percent stored financial information, 22 percent stored critical private documents such as contracts/business plans, while one-third admitted to storing customer data.

When asked about devices ever being compromised and the resulting impact, more than 55 percent of responses indicated an attack on personally owned PCs or laptops, with around half of these impacting on productivity or loss of personal or corporate data.

"It’s worrying to see policy contravention so high and so sharply on the rise, as well as the high instances of Generation Y users being victims of cyber-crime," Maddison said. "On the positive side, however, 88 percent of the respondents accept that they have an obligation to understand the security risks posed by using their own devices. Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organization’s IT security."