A majority of businesses (53 percent) unprepared to deal with hacked or stolen bring your own device (BYOD) devices, even though half indicated company-owned tablets, notebooks and smartphones may have been hacked in last 12 months, according to a report from ITIC and KnowBe4.
The survey results indicate that 65 percent of businesses now allow end users to BYOD and use them as corporate desktop or mobile devices to access organisational information including email, applications and sensitive data.
BYOD usage can be used to help businesses reduce expenditures and lower the administrative burdens of IT departments as end users manage, maintain and in many cases pay for their own devices. However, the rise in BYOD, mobility and remote and telecommuting users potentially increases the risk of security breaches.
The survey polled 250 companies worldwide in February 2014, finding that 55 percent of organisations are not fortifying their existing security measures despite the recent high-profile security attacks against companies like Target, Skype and Snapchat.
“Mobile devices are the new target-rich environment,” Kevin Mitnick, KnowBe4’s chief hacking officer, said in a statement. “Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes of the PC era that resulted in untold system downtime and billions of dollars in economic loss.”
Survey results suggested that unless the corporation has strong, effective policy, procedure and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or more likely, hacked, a real possibility in recent times.
Eighty percent of firms surveyed said they consider strong anti-virus, intrusion detection and firewalls the most important or critical element and most effective mechanism to safeguard their networks followed by endpoint security.
Some 60 percent of survey participants cited physically limiting access to the server room and data centre, and providing end-user security awareness training as also being crucial to maintaining security.
“These survey findings should galvanise corporations to proactively safeguard data in advance of an expensive and potentially crippling loss or hack.” ITIC principal analyst Laura DiDio said in a statement.
Some 45 percent of businesses surveyed indicated they are taking additional security measures. The top three most popular security mechanisms include installing the latest security fixes and patches (49 percent), conducting security audits and vulnerability testing (36 percent) and initiating computer security training for IT and end users.
The survey also indicated organisations remain divided on who bears responsibility for BYOD device security. More than four out of 10 businesses – 43 percent – currently have no designated BYOD security policies.
Are you a security pro? Try our quiz!
Originally published on eWeek.
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
View Comments
One way to reduce the security risks of BYOD is to use virtualization and HTML5 technologies to keep data and applications separate from personal devices. For example, Ericom AccessNow is an HTML5 RDP client that enables users to connect from most types of devices to any RDP hosts (such as VDI virtual desktops or Windows Remote Desktop Services) and run full Windows desktops or applications in a browser tab.
There's nothing to install on the end user devices, as you only need an HTML5-compatible browser. That protects corporate data by keeping it off the device, and also reduces IT support costs, since IT staff don't need to spend time installing software on so many different platforms. All they need to do is give employees a URL and login credentials.
For an online, interactive demo visit: http://www.ericom.com/demo_AccessNow.asp?URL_ID=708
Please note that I work for Ericom
For BYOD, data security on smart mobile devices is a difficult issue, especially with the use of all the various apps avalable. Some companies are combating this issue with their own data security apps. Example, we are developing our own app for our employees and doctors, using the Tigertext Tigerconnect API for HIPAA compliant texting and Dropbox integration, this will allow an increase in security and compliance but not burden the users will a lot of security protocols and restrictions. The other benefit is that it will work across OS and platforms and it give staff one app that allow IT to control the BYOD situation without making the user feel that they are in control of their deveice. I think the companies are going to have to be innovative with their BYOD policies and technologies in order to give drives that flexibility they need and give the companies the security they need. More info: http://developer.tigertext.com/