ISACA’s Online Holiday Shopping and Bring your own Device (BYOD) Security survey shows that 50% of the UK employees questioned will use their smartphones to gain bargains and avoid crowds this Christmas. Since these same devices will be used for corporate work, ISACA believes that business should embrace rather than deny the new technology. “It is critical for companies to embrace the technology, and educate their employees on the risk,” says ISACA.
One in 10 employees will use shopping apps. Given the recent upsurge, particularly in Android malware and malicious apps, this should be of particular concern. But the users themselves are concerned about the geo-location feature of mobile devices. As many as 75% say “they would turn off user location tracking because of fears surrounding stalking and identity theft.”
One apparent solution for companies would be to supply the mobile devices for their employees. By retaining legal ownership, the company would be better able to control security on it. But only 10% of employees use work-supplied smartphones, while 54% say they use personal devices for work. Furthermore, half of the respondents admit that they “are more concerned with protecting the security of their own PC or smartphone than their work-supplied computer or smartphone.”
ISACA believes that the real solution is in education and company policy. When taking advantage of online deals, says ISACA director Marc Vael, “employees also have to be aware that they are placing not only their own security, but also their organization’s information, at risk. It is important to provide education and take precautions since the BYOD trend is here to stay.”
“Setting a policy for the use of personal smart devices and effectively communicating it to employees is crucial,” adds John Pironti, a security advisor with ISACA and president of IP Architects.
To this end, ISACA offers 5 tips for employees using mobile devices: understand the company’s policy for using a mobile device, understand what happens if it is lost or stolen, understand the implications of geo-location tagging, encrypt all personal and sensitive data, and only load apps from a trusted provider.