Cyber-policy woes: one-fifth of workers don't alert IT to BYOD use

The study, which surveyed UK workers, showed that despite the popularity of BYOD, only 54% said that they have a defined BYOD policy in place. The other 46% of UK-based IT decision makers admitted to not having a clearly defined BYOD policy in place for mobile phones and tablets, even though 60% of workers have one.

Meanwhile, a full 67% of business end-users said they either don’t bother to ensure that they comply with company policies around BYOD anyway, or, they say they’re not aware of any specific guidelines that are in place. At least half of the end-users in the survey admitted that they do use personal devices for work purposes, but just over a fifth (21%) admitted that they don’t even alert their IT departments to the fact that they’re doing so – putting their companies at further security risk.

So perhaps it’s not surprising that 63% of employees say that corporate IT is failing to secure all personal devices brought into the business, and that only a quarter (25%) of workers said they are totally confident their personal device had been secured by their IT departments.

“Information security is understandably of great concern to IT professionals, and this research underlines the central position this should take when deciding on corporate IT policy,” said Nick Lowe, vice president of sales and general manager EMEA at AppSense, in a statement. “However, what this research makes clear is that while many have the best of intentions, there are still prominent gaps between where IT departments are in securing users and devices and where they should be.”

For those IT managers who do have a BYOD policy in place, things looked equally dire with only 1% able to say that three quarters or more of their workforce are actively enrolled within their organization’s BYOD program – indicating that security concerns with regard to the consumerization of IT remains a big challenge.

The top three concerns for IT administrators are implementing an appropriate security model (77%), developing appropriate BYOD IT policy (67%) and meeting end-user expectations around corporate IT experience (51%).

“While security will always be a priority for IT departments, the right balance between security and a consistent and acceptable end-user experience must be sought in order to promote productivity,” said Lowe. “Workers have become accustomed to going about their jobs in a way that works best for them, and by putting barriers in place, users will try to find a work around. This is demonstrated by 21% of end-users deciding not alert their IT department to the use of a personal device to access corporate data.”

What’s Hot on Infosecurity Magazine?