BYOD Security a Major Concern for Small Businesses

IT pros fear a loss of company or client data, unauthorized access and malware infections.

Security is both the top concern and top measure for success for enterprises implementing bring-your-own-device (BYOD) programs, according to The BYOD and Mobility Security Report, which surveyed 1,650 information security professionals around the world through Holger Schulze's Information Security Community group on LinkedIn.

Security is a very big concern and was cited by 70 percent of respondents as the top criteria for success, even over employee productivity, cited by 54 percent. Respondents fear a loss of company or client data, unauthorized access and malware infections, and many say they lack the resources necessary to address these security concerns.

The survey, sponsored by endpoint management and security solutions specialist Lumension Security, revealed mandatory use of encryption was cited as a risk-control measure for mobile devices by 40 percent of respondents. Encryption is considered best equipped to deal with lost or stole devices, which was the third-ranked security concern, after lost data and unauthorized access. The majority of respondents were information security specialists in organizations of between 10 and 99 employees.

"What is concerning to me is the lack of security that is actively implemented, according to survey respondents," Paul Zimski, vice president of solution marketing at Lumension, said in a statement. "Over a third of organizations have no security at all and most are relying on just encryption. Encryption is great if the device is lost or stolen, but it does little good against something like a phishing attack. In the end, a mobile device is an endpoint, subject to the same attacks we protect against on so-called traditional endpoints. Encryption simply is not enough."

Research results indicated BYOD is of interest to many organizations, with close to 20 percent widely supporting privately owned devices, an additional 35 percent saying BYOD is under evaluation. In addition, some 40 percent of respondents still supporting company-owned mobile devices.

The use of personal mobile devices in the work place is seen as providing many benefits to employees and businesses alike, including improved employee satisfaction, productivity and mobility, each cited by more than 50 percent of respondents as a primary driver and benefit of BYOD.

However, when asked if they felt ready for a full enterprise BYOD adoption, only 6 percent responded that their organization was 100 percent ready, while the majority of respondents claimed to feel less than 50 percent ready for BYOD. The survey found almost a third of organizations say that they do not have even a basic BYOD policy in place to help mitigate some of the risk.

Ninety percent of U.S. employees used their personal smartphones for work within the past year, yet only 46 percent believe their employers are prepared for any issues that could arise from BYOD, according to a March study in which a network of Cisco partners polled 1,000 consumers. The survey revealed that 39 percent of employee's personal devices are not password-protected, and just over half (52 percent) reported accessing unsecured WiFi networks with their devices, a well-known vulnerability in the cyber-security industry.