"An increasing amount of employees prefer to use their personal devices at work, for work purposes," says Bruce Goodwill, sales director for EMEA, Australasia and Latin America at security software creator AVG. "It might be convenient for them, but it causes an enormous headache for their company's IT department. Every time a personal device is connected to the company network, there is a risk that the security of the entire network will be compromised or breached."
Market research firm TNS Sofres recently conducted a poll among IT directors across the globe. The survey reveals that 45% of respondents claim that their personal hardware and software are more useful to them than the applications provided by their employer. This ability to use their own devices for work purposes is apparently having a decidedly positive impact on employee morale, with 88% of survey participants believing that it has increased their job satisfaction. However, that same survey reveals the flip side of BYOD freedom, with 72% of companies responding that they have experienced increased security incidents due to the use of mobile devices.
Other surveys that have also been performed specifically to scrutinise the growing BYOD trend, confirm that these BYOD initiatives are indeed lacking in adequate security. "When an infection and attack occurs on an employee's personal device that has also been connected to their work network, the IT department has to intervene, since it can compromise the security of the company's entire network," explains Goodwill. "It becomes a costly endeavour, because it often leads to hours of time wasted as IT employees work on trying to find, fix and secure the device or network."
The survey confirms that 5.2% of IT staff time during a typical week is spent on e-mail security management. "It is imperative that small and medium businesses implement and enforce a strict BYOD policy," suggests Goodwill. "Most companies that provide their employees with devices issue it along with a company mobile liability policy.
"This means that, not only do they provide and pay for the mobile device, but they can dictate what their employees are allowed to do with it. It also means that they may have remote capabilities to monitor an employee's activity on the device and which will allow them to remotely wipe the data. In the event of BYOD, the employer might insist on having the same remote control of their workers' devices," Goodwill says.
