Smartphone users who bring their own devices to work are not concerned about security – and just a third (27%) of those who had security problems admitted this to their employer.
One in four business users admitted that their private device had caused a security issue in the past year, according to a Gartner survey.
The survey, of 995 U.S. employees who used a personal mobile device for work, found that, on average, they used their smartphones and tablets for one hour per day for work purposes.
Meike Escherich, principal research analyst at Gartner, said, “The threat of cyber attacks on mobile devices is increasing and can result in data loss, security breaches and compliance/regulatory violations.”
“One of the biggest challenges for IT leaders is making sure that their users fully understand the implications of faulty mobile security practices and to get users and management to adhere to essential steps which secure their mobile devices. For many organizations, overcoming BYOD security challenges is a full-time task, with a host of operational issues.”
Many businesses are not considering the risks posed by BYOD – such as sensitive files leaving offices on unsecured devices. A survey late last year, reported by We Live Security found that 40% of companies did not even consider BYOD as a threat.
Earlier this year, Rolf von Roessing, head of security trade body ISACA said that in many workplaces, security teams were facing a “tidal wave” of challenges caused by mobile devices.
“For effective protection, security professionals need access to mobile operating systems, but this is not always possible and consequently 30% to 40% of devices are under the radar,” said von Roessing.
Gartner’s survey found that company policies confused the issue further.
The researchers wrote, “A third of respondents have employers who are aware but don’t have a policy in place, and the rest said their employer was either not aware or they didn’t know. This means 59 percent of survey respondents who regularly use their private devices for work have not yet signed a formal agreement with their employer.”
Author Rob Waugh, We Live Security