According to the survey – which took in responses from more than 4,700 members of the not-for-profit IT security association and spanned 84 countries – whilst more employees are taking their own portable devices into the work environment, they are typically more difficult to secure than work devices.
Put simply, says the association, this means that at sensitive corporate information may be compromised.
"The UK consumer survey shows that 54% of employees have a personal device they use for work. BYOD is here to stay," said Marc Vael, the chief audit executive at Smals and director of ISACA, adding that, since most members report that the risk outweighs the benefits, education is strongly needed.
The UK consumer survey shows that 10% say their organizations don't have a policy prohibiting or limiting personal activities on work devices and 20% do not have a policy regarding work activities on personal devices.
Vael, who is also chair of the association's knowledge board, went on to say that 75% of UK consumers say they would turn off location tracking because of risk like stalking or identity theft. More than a third of UK consumers (40%), meanwhile, say they have clicked on a social media link and 15% have clicked on e-mail links from unknown sources.
The research forms part of ISACA's fourth online holiday shopping report and, says Ken Vander Wall, ISACA's international president, it shows that employees are unwittingly risking bringing viruses and malware into work.
The trend that is new this year, he explained, is the BYOD trend, meaning that organizations need to focus on embracing emerging technology and educating employees on security.
Against this backdrop, the association is recommending that employees should find out if their company has a policy for using personal devices for work and understand what happens if that device is lost.
Staff users should also encrypt and password-protect any sensitive data on their device, as well as only load apps from trusted source.
Finally, says ISACA, employees should follow the association's five step route when it comes to using geo-location services.