Device and data security is assuming critical significance in the workplace as more and more companies adopt bring you own device (BYOD) policies. This is especially true given the fact that nearly 50 percent of companies reported lost mobile handsets last year. According to IT services specialist ITC Infotech, lack of a stringent BYOD policy nowadays can lead to the risk of a major security breach.
FREE Download: CISO Data Breach Guide
Recent research from Samsung[1] found that 47 percent of UK companies had a company handset lost or stolen in the last 12 months. Almost a third (30 percent) of CTOs were unaware of the number, however. Alongside this, a global survey of CIOs by leading analyst Gartner found that as many of 38 percent of companies plan to stop providing their workforce with devices by 2016[2].
“Laptops, mobiles and tablets can cost many hundreds of pounds per year for each employee, so BYOD has become very attractive. However, far from enjoying flexibility and lower costs, companies that rush into BYOD without a strong policy face considerable risks,” comments Hardeep Singh Garewal, President – European Operations, ITC Infotech.
A Freedom of Information Act request from security software vendor McAfee[3] discovered that 15,000 mobile phones were reported lost on the London Underground in 2013 alone. Only around 2,000 of these were eventually returned. Larger devices also proved to be at risk, with 506 tablets and 528 laptops reported lost.
“For unprepared companies, a lost or stolen device represents a catastrophic security risk, with the potential cost to their business far outweighing the savings. There are many solutions available, but we see many companies failing to implement a clear policy on keeping track of work devices. This hinders them from acting quickly to prevent breaches,” adds Garewal.
[wp_ad_camp_4]
Apart from security, companies also face additional risks if they fail to set a clear boundary between the personal and business functions available on a BYOD device. Many businesses erase personal information along with work data when they wipe or lock a device. This is almost an open invitation for potential legal action on the part of the mobile user if no clear guidelines have been set. ITC Infotech has also found that businesses often fail to track ‘unofficial’ BYOD devices that have remote access, creating further complications for lost devices or when employees leave the company.
Choose Your Own Device (CYOD), on the other hand, offers an increasingly popular solution to both security and personal data concerns. This ensures that full ownership of the device is retained by the company. CYOD also eliminates any uncertainty in safeguarding information on the device whilst still allowing for user freedom in choice and application.
Garewal concludes: “While CYOD means the company must ultimately foot the bill for the device overhead and support, the level of control and assured visibility vastly simplifies issues around privacy and security. However, whether they use BYOD or CYOD, companies that encourage flexible working arrangements must ensure they are prepared to deal with imminent risks or spend all of their time fire-fighting to avoid major crises.”
About ITC Infotech
ITC Infotech provides IT services and solutions to leading global customers. The company has carved a niche for itself by addressing customer challenges through innovative IT solutions.
ITC Infotech is focused on servicing the BFSI (Banking, Financial Services & Insurance), Treasury & Capital Markets (TCM), CPG&R (Consumer Packaged Goods & Retail), Life Sciences, Manufacturing & Engineering Services, THT (Travel, Hospitality and Transportation) and Media & Entertainment industries.
Resources
[1] Samsung research, 12.06.14 – http://www.samsung.com/uk/news/local/security-not-being-taken-seriously-as-business-use-of-mobile-devices-booms
[2] Gartner, 01.05.14 –
[3] V3.co.uk, 12.12.13 – http://www.v3.co.uk/v3-uk/news/2318727/more-than-15-000-lost-mobile-phones-on-london-underground-pose-security-risks
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.