Recipe for disaster? Four in ten “BYOD” owners use no security measures at all

Four out of ten employees who use their own mobile devices at work fail to use basic security measures such as PIN codes - and the trend for "BYOD" could be putting company information at risk, according to a survey carried out by a mobile phone insurer.

The survey, of 1,000 adults, found that 43% of “bring your own device” users had no protection at all on their devices. Less than a third - 31% - use PINs or passcodes on their devices.  Just over a quarter of the UK adults surveyed used either a company data encryption service, or an online user self-service portal on their devices.

ESET Senior Security Researcher Stephen Cobb said, in a detailed blog post describing the risks of BYOD, “The phenomenon of organizations allowing or encouraging their employees to use their own computing devices for work–known as Bring Your Own Device, or BYOD–is now widespread in many countries, bringing with it some serious risks to company networks and data.”

ESET’s research identified unlocked devices as one of the security threats facing companies in the wake of BYOD, along with sharing devices with other people, and using public Wi-Fi networks.

Phone insurer Protect Your Bubble, which carried out the research via research firm Atomik in the UK, said that employees also seem unconcerned about the risks to their employers - with only 21% of BYOD owners say they would be concerned if they lost their devices due to the threat of others accessing sensitive and private information.

Stephen Ebbett, director of Protect Your Bubble, comments: “The BYOD culture benefits employees who, understandably, want just one all-singing smartphone to do the job of two, but it can make businesses more prone to security breaches if devices fall into the wrong hands. Training employees to properly configure their security settings, to not open attachments from unverified sources, and controlling or limiting access to more sensitive data from portable devices are three examples of precautions businesses can take.”

Cobb says, referring to ESET’s research, “A big clue as to why these BYOD risks exist is the finding that two thirds of organizations have not implemented a BYOD policy. And a strong indicator that the risks are real is provided by the final statistic in the BYOD infographic: a quarter of those surveyed said that they have been a victim of hacking or malware on a device they own.”