It’s often said that bring-your-own-device (BYOD) schemes begin when a CEO or senior manager insists on being allowed to use a shiny new tablet or phone despite there being no official support for it. What’s all too often ignored in this scenario is that the more senior the staff member, the higher the risk posed if their mobile device isn’t properly secured.
Tablet picture from Shutterstock
That point is underscored in a recent survey of 4300 IT pros (including 390 in Australia) by Acronis. That study found that the majority of workplaces (57 per cent in the Australian numbers) didn’t have any kind of official BYOD policy in place. In the modern environment, that seems wilfully ignorant.
Amongst those workplaces which did have a policy in place, 27 per cent were willing to make an exception to those rules for executives. “Whilst most organisations are allowing BYOD, most do not have a policy in place that governs how those devices need to be managed,” Simon Howe, APC sales director for mobility solutions at Acronis, told Lifehacker. “Those that do have a policy are then making exceptions for the executives or for individuals who have particular requirements.”
While I understand that arguing with someone above you in the food chain isn’t always an option, if the policy is going to be ignored whenever someone demands special treatment then effectively you have no policy at all.
It isn’t an easy problem to solve. “IT pros are facing the challenge of balancing security of devices with the necessary access and availability,” Howe noted. “They need to make sure that the devices are adequately protected an d compliant but they want to see the productivity benefits of BYOD. Whilst the productivity benefits seem to be clear to organisations, I don’t think there’s so much awareness of the risks. ”
With that said, ignoring the basics isn’t very sensible. The survey found that just 32 per cent of Australian organisations required staff to use a password or equivalent locking solution on personal devices. That’s a universally available feature which everyone should take advantage of.
While it isn’t always feasible to install software that manages those platforms, the big opportunity that is being missed is training. Only 20 per cent of firms undertake any sort of education in how to use personal devices or public cloud solutions safely. “Organisations aren’t putting any training in place. They aren’t training their staff in any way,” Howe said. “You do need the ear of your workforce to implement and maintain policy.”
The big lesson? If you don’t tell employees how to do things safely, it’s a lot harder to complain when they don’t.