BYOD introduces gaping security holes for businesses

“It’s inevitable that in any company, small or large, many employees will use personal devices to connect to the corporate network and access confidential data,” said Alexander Erofeev, chief marketing officer at Kaspersky Lab, which just completed a survey by B2B International on enterprise security risks, touching on BYOD. “For employees, it’s natural to use their smartphones and tablets – without even considering the possible dangers.”

About 72% of companies expect to embrace BYOD extensively in the near future, according to the report. Results from the research indicate that 50% of these companies plan to actively support BYOD, encouraging staff to use their own computers and devices for work. The other half sees BYOD as inevitable, whether encouraged or not.

Taking a closer look at the emerging security issues, the study showed that the most serious problems for IT professionals when it comes to malware, spam and unauthorized attempts to penetrate the system are still caused by software vulnerabilities, but problems linked to the use of mobile devices to access the corporate network are on the rise. The seriousness of this latter issue has increased over the past year, with one-third of respondents describing the lack of control over mobile devices as a serious problem. A full 10% of respondents said they had experienced critical information leaks due to the loss or theft of a mobile device.

The part of the survey that dealt with security policies for mobile devices showed that one-third of companies allow their employees to use them with full access to the corporate network and its resources. By doing so, they are creating a gaping hole in their security, Erofeev noted. When it comes to corporate security policies for personal devices, the findings “are not very encouraging either,” he said. The survey found that 19% of respondents plan to restrict the level and nature of personal device usage, but only 9% plan to introduce tough restrictions. A significant proportion of the respondents (36%) stated that their companies would approve of using personal devices for work-related tasks.

That’s why companies need to implement security policies that safeguard both corporate and personal mobile devices, said Erofeev.

Interestingly, BYOD is banned more frequently by larger organizations. While 12% of companies overall do not intend to allow personal devices into the workplace in the immediate future, that number drops to only 7% for smaller businesses.

What’s hot on Infosecurity Magazine?