Corporate data at risk from workers’ lack of knowledge or concern about BYOD policies
LONDON – Leading digital identity expert Intercede today revealed the results of its latest research The Rise of the Identity Centric Economy, which found the security of corporate data across the UK is being compromised by workers’ ignorance of the BYOD policies their employers have in place.
The survey of 1,213 UK employees across a range of industries revealed that almost a quarter (23%) were completely unaware of the BYOD policy of their employer. A quarter of those surveyed accessed company data on their own smartphone or tablet with 7% doing so without permission. Overall, 21% knew they needed permission to access corporate data but hadn’t asked for it, while 40% believed they would be able to access it without prior consent.
Currently, 40% of workers use a company or personal mobile device to access secure corporate data with almost one in five (19%) leaving themselves signed in at all times. Just 5% of respondents were concerned that if they lost their handset corporate information would be compromised – highlighting the need for robust security measures on the handsets themselves.
Of those who have password protection in place, 21% of employees were put off logging-in on mobile devices due to credentials being ‘too long and complicated to remember’, while 12% believed the whole process was too complicated and avoided using mobile devices for work purposes at all. Most worryingly 8% of workers had used ‘shadow IT’ – methods outside of the company technology team – to gain access to work emails without the company’s permission.
Richard Parris, CEO of Intercede said: “By bypassing companies’ BYOD policies and not taking regulations into account when accessing sensitive data, employees are leaving the back door open to hackers. CIOs are currently in a difficult position. They either ban BYOD completely or implement long, complex passwords, which are vulnerable and unfit for use on mobile devices.
“The best approach is to turn the mobile device from a vulnerability into a secure authentication device which acts as the first line of defence to protect corporate data being accessed on it. The widespread apathy towards company data shown by the report highlights the need for companies to act quickly and robustly to protect their own data or risk major security incidents.”
All figures are based on an independent survey of 1,213 UK employees across all adult age groups conducted by Atomik Research during June 2014.