IT | Security

Employees Lack Concern for BYOD Policies

By: Absolute Team | 7/25/2014

According to our own findings, 25% of US employees believe that data is security is “not their responsibility,” so they should not be held accountable if they leak or lose company data. Given that 59% of employees believe the corporate data on their phone is worth less than $500, it’s clear that this mentality of “it’s just a phone” or “it’s no big deal” is contributing to data breaches that could cost organizations millions of dollars in penalties, legal fees, and loss of customer trust.

Paula Musich recently discusses this problem of employees either unaware of or ignoring policies in place to protect corporate data, particularly on BYOD devices. Employees admit to accessing corporate data from unsecured public wireless networks, not protecting their passwords, accessing personal apps, and outright ignoring formal BYOD policies.

Paula offers some tips on how CIOs and CISOs can ensure compliance, using a combination of interactive education and enforcement:

  • Have interactive and specific security training on mobile issues
  • Ensure employees understand the business and personal terms of not complying with formal policies
  • Require training before granting BYOD use
  • Require that BYOD devices use corporate-supplied MDM software
  • Consider alternatives to BYOD such as COPE (corporate-owned personally enabled) programs
  • Attach real consequences to non-compliance
  • Include mobile compliance as part of annual performance reviews

These are great tips to help ensure that employees understand the value of data on smartphones and tablets, as well as their responsibility in protecting that data. As the list suggests, organizations cannot rely entirely on trust in the management of devices and corporate data - mobile device management solutions such as Absolute Manage are essential for the remote ability to configure, query, and even wipe or lock managed devices.