Employees often disregard corporate BYOD policies

by CXOtoday News Desk    Oct 31, 2013


There is a growing tendency among the new-generation of employees to disregard corporate policies governing use of smart devices and technologies that results in higher instances of threats, according to a survey by network security specialist Fortinet. The research also states that with increased BYOD trend, organizations should be more proactive in educating and empowering these employees on the threat scenarios.

Contravening BYOD policy

According to the research, 43% stated they would contravene any policy in place banning the use of personal devices at work or for work purposes. This alarming propensity to ignore measures designed to protect employer and employee alike carries through into other areas of personal IT usage. 42% of respondents using their own personal cloud storage like DropBox accounts for work purposes said they would break any rules brought in to stop them. On the subject of emerging technologies such as Google Glass and smart watches more than half would contravene any policy brought in to curb use of these at work.

Nearly all employees have a personal account for at least one cloud storage service with DropBox accounting. Nearly 85% of personal account holders have used their accounts for work purposes. Out of this, 23% of this group admits to storing work passwords using these accounts, 31% financial information, 28% critical private documents like contracts/business plans, while more than half (59%) store customer data.

Among one of the worrysome findings of the research, 11% of respondents said they would not tell an employer if a personal device they used for work purposes became compromised.

Need to educate employees

The research examined ‘literacy levels’ for different types of security threat, with the results revealing two opposing extremes of ignorance and enlightenment, separated by an average of 24% with minimal awareness. Questioned on specific threats like APTs, DDoS, Botnets and Pharming, up to 51% appear completely uneducated on these types of threats. This represents an opportunity for IT departments to provide further education around the threat landscape and its impact.

Vishak Raman, Fortinet’s Senior Regional Director for India & SAARC. “The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed. There is now more than ever a requirement for security intelligence to be implemented at the network level in order to enable control of user activity based on devices, applications being used and locations.”

Raman believes that educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organization’s IT security.