Millions of new devices have been bought and activated over the holidays. We saw that 2015 Black Friday sales showed some of the highest increases in new device activations for the iPad mini and a number of smartphones, with Apple product activations topping those in 2014. With Christmas now behind us, we’ll see an even larger spike in new device activations for all the tablet, smartphone and laptops gifted this holiday season.
Within a matter of days, these devices are going to be coming to work with your employees. Whether you actively support BYOD or not, these devices will become part of your corporate structure. Employees will find ways to use their devices for work, sanctioned or not. Chances are, many employees won’t even bother to ask if they can work from their new device, they will just proceed to do so. In the UK, nearly 60% of employees are using devices for work that are entirely unmanaged by IT. In the US, 53% of organizations lack a formal BYOD policy, let alone processes and technologies to manage these devices. Unsanctioned BYOD, or poorly managed BYOD, fuels the growth in Shadow IT.
The endpoint is a huge security threat, with as many as 36% of cyber security incidents can be tied back to attacks on mobile devices, plus breach incidents tied back to data held on lost or stolen devices.
So, assume that this huge spike in device activations for the 2015 holiday season means that Shadow IT in your organization is growing. The question, then, is how to put the spotlight on more of these devices to bring them back under IT control. Rather than putting up walls to prevent the growth in mobility, we suggest organizations embrace BYOD and implement ongoing security training about safe use of personal devices. As we come out of the holiday season, now is a good time to remind employees not only of smart mobile behaviours (around phishing, reporting of incidents, WiFi use etc), but to re-assess BYOD policies. Does your network recognize or prevent new devices from connecting? How do you secure devices? Do you have automated alerts to know where devices are and if data is at risk?
A persistent endpoint security solution such as Absolute DDS goes beyond visibility with automated alerts, based on security policies, and response tools to remotely freeze or disable devices, delete or copy data, and prove compliance in an audit report. Learn more about how Absolute can help you bring your data out of the shadows at Absolute.com or read some of our thoughts on how employees are moving around data in our whitepaper, ‘The Enemy Within – Insiders are still the weakest link in your data security chain.’