The BYOD Paradox: The Riskiest Employees Get To Take The Most Risks

It's often said that bring-your-own-device (BYOD) schemes begin when a CEO or senior manager insists on being allowed to use a shiny new tablet or phone despite there being no official support for it. What's all too often ignored in this scenario is that the more senior the staff member, the higher the risk posed if their mobile device isn't properly secured.


That point is underscored in a recent survey of 4300 IT pros (including 390 in Australia) by Acronis. That study found that the majority of workplaces (57 per cent in the Australian numbers) didn't have any kind of official BYOD policy in place. In the modern environment, that seems wilfully ignorant.

Amongst those workplaces which did have a policy in place, 27 per cent were willing to make an exception to those rules for executives. "Whilst most organisations are allowing BYOD, most do not have a policy in place that governs how those devices need to be managed," Simon Howe, APC sales director for mobility solutions at Acronis, told Lifehacker. "Those that do have a policy are then making exceptions for the executives or for individuals who have particular requirements."

While I understand that arguing with someone above you in the food chain isn't always an option, if the policy is going to be ignored whenever someone demands special treatment then effectively you have no policy at all.

It isn't an easy problem to solve. "IT pros are facing the challenge of balancing security of devices with the necessary access and availability," Howe noted. "They need to make sure that the devices are adequately protected and compliant but they want to see the productivity benefits of BYOD. Whilst the productivity benefits seem to be clear to organisations, I don't think there's so much awareness of the risks."

With that said, ignoring the basics isn't very sensible. The survey found that just 32 per cent of Australian organisations required staff to use a password or equivalent locking solution on personal devices. That's a universally available feature which everyone should take advantage of.

While it isn't always feasible to install software that manages those platforms, the big opportunity that is being missed is training. Only 20 per cent of firms undertake any sort of education in how to use personal devices or public cloud solutions safely. "Organisations aren't putting any training in place. They aren't training their staff in any way," Howe said. "You do need the ear of your workforce to implement and maintain policy."

The big lesson? If you don't tell employees how to do things safely, it's a lot harder to complain when they don't.


Comments

    I'd just say having a pin number on your phone is a good idea (I know I do), considering the personal information throughout.

    And when you put anything work related on it, then it should -definitely- be locked to some point. Commercial confidence at least.

    BYOD is simple: Everyone loves it, except IT departments. IT departments have never had even the slightest bit of success protecting sensitive data when it leaves the workplace anyway (See the 608 million most recent leaks here http://www.privacyrights.org/data-breach).
    IT departments hate it because it erodes their power, and because Systems Admin jobs seem to attract megalomaniacal control freaks in general.

    As usual, another article written on how Angus knows what's best for all business - going so far as to say:
    didn’t have any kind of official BYOD policy in place. In the modern environment, that seems wilfully ignorant.

    Look. It seems pretty straightforward, speaking from the point of view of a company who currently has no BYOD policy.. If there is a good enough business case for that person to have a specific device - whatever it is - then it really isn't an issue to buy that person the device they want, as a company device..

    Personally, I haven't heard any complaints from anyone who gets a "free" laptop simply because they now have a work one, and a personal one.. And in most cases given the state of their personal devices (rife with adware at the bare minimum), are happy to not have to worry about their own device spreading something from a personal-use application, unintentionally or otherwise.

    The only people who DO complain, are those who don't actually have a legitimate business case, and thus get nothing... But as soon as they can make a case as to why they need it, it really isn't a problem..

    Your way is not the only way, and your ongoing arrogance in phrasing really is quite astounding.
