Study Finds Companies Lack Effective BYOD Security Measures

Most companies polled in the study said they were not strengthening their BYOD security measures in spite of recent high-profile attacks

A majority of businesses (53 percent) are unprepared to deal with hacked or stolen bring your own device (BYOD) devices, even though half indicated company-owned tablets, notebooks and smartphones may have been hacked in the last 12 months, according to a report from ITIC and KnowBe4.

The survey results indicate that 65 percent of businesses now allow end users to bring their own devices and use them as corporate desktop or mobile devices to access organisational information including email, applications and sensitive data.

Security risk

BYOD can help businesses reduce expenditures and lower the administrative burdens of IT departments, as end users manage, maintain and in many cases pay for their own devices. However, the rise in BYOD, mobility and remote and telecommuting users potentially increases the risk of security breaches.

The findings are part of a joint study conducted by ITIC, a research and consulting firm based in the Boston area specialising in conducting independent surveys tracking crucial trends, and KnowBe4, a security awareness training firm.

The survey polled 250 companies worldwide in February 2014, finding that 55 percent of organisations are not fortifying their existing security measures despite the recent high-profile security attacks against companies like Target, Skype and Snapchat.

“Mobile devices are the new target-rich environment,” Kevin Mitnick, KnowBe4’s chief hacking officer, said in a statement. “Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes of the PC era that resulted in untold system downtime and billions of dollars in economic loss.”

Training

Survey results suggested that unless the corporation has strong, effective policy, procedure and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or, more likely, hacked, a real possibility in recent times.

Eighty percent of firms surveyed said they consider strong anti-virus, intrusion detection and firewalls the most important or critical element and most effective mechanism to safeguard their networks, followed by endpoint security.

Some 60 percent of survey participants cited physically limiting access to the server room and data centre, and providing end-user security awareness training as also being crucial to maintaining security.

“These survey findings should galvanise corporations to proactively safeguard data in advance of an expensive and potentially crippling loss or hack,” ITIC principal analyst Laura DiDio said in a statement.

Additional measures

Some 45 percent of businesses surveyed indicated they are taking additional security measures. The top three most popular security mechanisms include installing the latest security fixes and patches (49 percent), conducting security audits and vulnerability testing (36 percent) and initiating computer security training for IT and end users.

The survey also indicated organisations remain divided on who bears responsibility for BYOD device security. More than four out of 10 businesses – 43 percent – currently have no designated BYOD security policies.


Originally published on eWeek.