New research suggests the trend of Bring Your Own Device (BYOD) policies could be placing increased pressure on business’ security operation and putting them at risk of financial penalties.
A study from BAE Systems Detica, conducted by YouGov, found that 73 per cent of office workers use one or more personal devices, such as smartphones, for work in a typical week. Nearly half (45 per cent) were found to use two or more.
The findings demonstrate potential security risks for businesses, especially following recent Information Commissioner’s Office guidance which stated companies are accountable for loss of data by employees, irrespective of if it was on a work or personal device.
Over a third of respondents in the study said they had failed to update the security on their personal device in the last six months, with 11 per cent admitting they had never installed or updated security on the device.
Nearly one in five (18 per cent) of workers surveyed admitted they had experienced a security compromise to their personal device in the past six months. Worryingly, some 50 per cent of the respondents did fail to recognise that their unsecure personal devices could potentially leave their employer vulnerable to a cyber-attack.
While BYOD has the capability to create potential security risks for businesses, the companies themselves are shown to be lagging behind. The study found that 27 per cent said their employer had not outlined any policies or security plans for workers using their personal devices for work purposes.
Vincent Geake, director of secure mobility at BAE Systems Detica, claims the research showed that staff are willing to engage and share their responsibility for security, however employers need to take the lead and educate workers about the risks associated with BYOD.
“This is even more pertinent given that responsibility for a security breach involving customer data lies with the company itself and not its staff,” he said.
“BYOD policies improve flexible working and allow businesses to be more agile, however if firms fail to protect their employees’ devices, they risk incurring increasing disclosure and financial penalties, not to mention the likelihood of falling victim to cyber attack.
“The message is clear for employers, engage with your employees and understand the way they want to use personal devices and how this will help your business. Conduct a prioritised assessment of the risk this represents and develop a clear policy explaining how your employees should use these devices and setting out the security measures you need to protect your information.”
BAE Systems was recently announced as one of nine companies to join the Centre for the Protection of National Infrastructure, Government Communications Headquarters and the Ministry of Defence in the Defence Cyber Protection Partnership.
The Ministry of Defence is looking to boost its security systems by working alongside companies in the defence sector to develop a best practice for dealing with cyber-attacks.