Organisations are increasingly allowing staff to connect to their corporate network using their own personal devices. A two-page factsheet from the Fraud Advisory Panel highlights some of the security issues that should be considered and safeguarded against when adopting such an approach.
BYOD (Bring Your Own Device) can be advantageous, boosting productivity and enabling staff to work while travelling or away from their desk, the advice runs. However, businesses should be aware that there are important security issues around the use of personal devices for work purposes, and these need to be carefully considered and safeguarded against.
The document goes through what Bring Your Own Device actually is, and what a policy should look like, including such issues as a sign-off policy and staff leavers policy; and some dos and don’ts. Do not, the document warns, expect staff to be aware of the policy without telling them it exists; do not introduce a BYOD policy and fail to follow up on it; and do not expect that the existence of a policy alone is enough to prevent fraud or loss of business information. See also the Panel’s separate fraud factsheets on Cloud Computing, and An Introduction to Fraud Risk Management.
For this and similar publications from the Panel, visit the publications parts of their website. Visit https://www.fraudadvisorypanel.org.
Meanwhile digital identity product company Intercede gave the results of its latest research, which found the security of corporate data across the UK is being compromised by workers’ ignorance of the BYOD policies their employers have in place.
A survey of 1213 UK employees across a range of industries found that almost a quarter (23pc) were completely unaware of the BYOD policy of their employer. A quarter of those surveyed accessed company data on their own smartphone or tablet with 7pc doing so without permission. Overall, one in five, 21pc knew they needed permission to access corporate data but hadn’t asked for it, while two in five, 40pc believed they would be able to access it without prior consent.
Some 40pc of workers use a company or personal mobile device to access secure corporate data with almost one in five (19pc) leaving themselves signed in at all times. Just one in 20, 5pc of respondents were concerned that if they lost their handset corporate information would be compromised.
Of those who have password protection in place, 21pc of employees were put off logging-in on mobile devices due to credentials being ‘too long and complicated to remember’, while 12pc believed the whole process was too complicated and avoided using mobile devices for work purposes at all. And 8pc of workers had used ‘shadow IT’ – methods outside of the company technology team – to gain access to work emails without the company’s permission.
Richard Parris, CEO of Intercede said: “By bypassing companies’ BYOD policies and not taking regulations into account when accessing sensitive data, employees are leaving the back door open to hackers. CIOs are currently in a difficult position. They either ban BYOD completely or implement long, complex passwords, which are vulnerable and unfit for use on mobile devices. The best approach is to turn the mobile device from a vulnerability into a secure authentication device which acts as the first line of defence to protect corporate data being accessed on it. The widespread apathy towards company data shown by the report highlights the need for companies to act quickly and robustly to protect their own data or risk major security incidents.”
All figures are based on an independent survey of 1,213 UK employees across all adult age groups, by Atomik Research during June 2014.
