For quite some time the BYOD paradigm had been considered an uphill trend. As with any other, one day it either rolls down or becomes an established practice. With BYOD it is apparent that it has established itself: a recent Kaspersky Lab’s study shows that 62% of business owners and employees use personal mobile devices for work, no matter the company size. But has this practice matured?
Doesn’t seem so
The same study shows that 92% of respondents keep sensitive corporate data on smartphones and tablets which they use for both work and personal activities.
#BYOD practice: developed, still immature. #protectmybizTweet
At the same time, the smaller the business is, the less its owners are concerned about mobile security. A third (32%) of small business owners and employee see absolutely no danger to their business in staff using personal mobile devices for work. The risk of data theft from an employee’s mobile device is not considered a pressing concern for them, so they do not pay much attention to it.
This is supported by the previous studies of smaller businesses’ attitude towards mobile security: anything but a top concern.
Representatives of larger businesses seem more cautious about employees losing their mobile devices: 58% fear that the theft or loss of a device could damage the company. But again, it is only slightly more than half.
Representatives of larger businesses are more concerned about employees losing their mobile devices: 58% fear that the theft or loss of a device could damage the company.
Six in ten (60%) are concerned about the threat of surveillance and information theft via mobile devices, but at the same time they do little to protect themselves actively and rely on their employers to do so.
Outrunning the risks recognition
It looks like the development of BYOD in the commercial sector has outrun the recognition of the risks it poses. It’s worth mentioning, however, that similar risks are posed by any new “invasive species” of tech, and there is nothing unseen with BYOD.
However, one thing is somewhat unique to the current situation: “Okay, business owners say, “there must be some problems with security as the IT guys tell scary stories from time to time, and they insist that there must be some protection. Fine, there are freight-loads of free solutions; they must be enough.”
That’s not so. Free solutions may be good, but they mostly provide only basic protection, which is not enough with some advanced and sophisticated mobile threats.
The polled representatives of smaller businesses don’t see any added value in spending extra money on dedicated solutions. More than 80% of respondents were not interested in information about managing the information security of mobile devices.
It’s not surprising smaller businesses need to save wherever possible and cut spending that may seem unnecessary at any given time. But information security should not be one of those expenses since sometimes a single cyberincident – or even such a “vanilla” issue as a lost smartphone with precious data on it – may be enough to jeopardize the business permanently, or at least lead to serious financial losses.
For instance, Kaspersky Lab’s stats show that one in five Android users encountered a mobile threat in 2014; and 53% of such attacks were bank and SMS Trojans.
Maturation of #BYOD happens as soon as seeing “the full picture” is a norm. #protectmybizTweet
Maturation of BYOD will happen as soon as seeing “the full picture” of it becomes the norm among the users – i.e. when people immediately consider not only advantages, but all possible risks and ways to mitigate them so that they don’t meddle with the advantages.
Among the ways of mitigation is protective suites such as Kaspersky Lab’s business products – Kaspersky Endpoint Security for Business and Kaspersky Small Office Security. Either include equally effective protection for both PCs (whether those are corporate or personal) and mobile devices, which is especially important for smaller businesses. Kaspersky Small Office Security allows owners to concentrate on running their business, because it is easy to use and does not require specific IT administration knowledge to protect the company network.