Could using your own devices at work be a security risk?

Could using your own devices at work be a security risk?It seems every business under the sun is making use of smartphones and tablets now - but they may be putting themselves at huge risk in doing so. At least, that's according to a report from PwC.

The problem is that many are allowing their employees to use their own devices and therefore, allowing a backdoor route for hackers and naughty folk who want to get through security.

The key points are that more than half (54%) of small organisations don't have a security awareness programme and a fairly substantial number (46%) have experienced  some form of breach by their staff using personal devices. Apparently, 61% of business allow their staff to use smartphones and mobiles that belong to them but only 24% apply a data encryption policy.

Here's what PwC says on the matter:

"With the explosion of new mobile devices and the blurring of lines between work and personal life, organisations are opening their systems up to massive risk. Smart phones and tablet computers are often lost or stolen, with any data on them exposed. Mobile devices can literally drill straight through your security defences, if you're not careful."

"However, organisations aren't responding to these new challenges. Just as we saw a decade ago with computer viruses, companies are slow to adjust their controls as technology usage changes. It's vital to tell your staff about the risks. If you don't, your own people could inadvertently become your worst security enemy. It's clear how important smart phones and tablets have become - as confidential data is increasingly stored on them, the chance of data breaches increases."

It's a common phenomenon now - lots of employers deliberately hold back on giving staff the BlackBerrys of old. Especially in these hard times. The reason being that lots of workers who own their own BlackBerrys, iPhones, Android devices and so on are quite happy to add a work email account as well or may just connect automatically when they enter the building.

Obviously, this isn't something that'll affect the majority of big businesses who still opt for tightly controlled electronic devices but smaller companies don't - on average - apply the same stringent procedures.

"Setting out your security is essential to ensure staff know what risks to look out for, how to handle data appropriately and what to do if a breach occurs. The root cause of security breaches by staff is often a failure by organisations to invest in educating staff about security risks. Yet organisations are failing to promote a culture of security awareness so staff are often unaware of the risks they're posing," they continue.

"Often, breaches occur through ignorance rather than malice. Possession of a security policy by itself does not prevent breaches; staff need to understand it and put it into practice. The survey results show a clear payback from security awareness programmes – education leads to greater understanding which in turn leads to fewer breaches. Unfortunately, the survey results also show that it often takes a serious incident before companies train their staff."

Via TechRadar

Add a comment

You don't need an account to comment. Just enter your email address. We'll keep it private.