Remote work drives BYOD, but security is not keeping pace

Remote work drives BYOD, but security is not keeping pace

As the shift to remote work has increased because of the COVID-19 pandemic. many businesses are embracing remote working along with BYOD in the workplace. However, cyber security processes are not keeping pace with this change.

The policy of “bring your own device” (BYOD) allows employees to work flexibly with personal and mobile devices. This increases productivity and employee satisfaction. However, the complexity of the security requirements also shifts, and organizations must use the correct tools to secure corporate data that is accessible on these personal devices.

To make the challenge even more pronounced, the expansion of the “extended workforce”— contractors, partners, customers, and suppliers— lends itself to new use cases (new apps and new unmanaged devices) that can’t be managed via exception. As a result, most organisations are faced with a fundamental question: how do we increase productivity without compromising the security of sensitive information?

Cloud Security company Bitglass has released its 2020 BYOD Report, which analyses enterprise use of bring your own device (BYOD) as well as the state of personal device security within organisations.

For the report, Bitglass partnered with a leading cybersecurity community and surveyed IT professionals to understand how their businesses have enabled the use of personal devices, what their BYOD security concerns and challenges are, and what actions they have taken to protect data in an increasingly remote and flexible work environment.

As the shift to remote work has increased, most businesses are embracing BYOD in the workplace. 69% of respondents said that employees at their companies are allowed to use personal devices to perform their work, while some enable BYOD for contractors, partners, customers, and suppliers.

While the use of personal devices in the work environment is growing rapidly, many are unprepared to balance security with productivity. When asked for their main BYOD security concerns, 63% of respondents said data leakage, 53% said unauthorised access to data and systems, and 52% said malware infections.

Despite the concerns, the research shows that organisations are allowing BYOD without taking the proper steps to protect corporate data. About half of the surveyed organisations lack any visibility into file sharing apps (51%), 30% have no visibility or control over mobile enterprise messaging tools, and only 9% have cloud-based anti-malware solutions in place.

Compounding these problems are results that demonstrated that organisations need physical access to devices and even device PINs to secure them. This may be acceptable for managed endpoints, but it is a clear invasion of privacy where BYOD is enabled.

“The top two reasons enterprises hesitate to enable BYOD relate to company security and employee privacy,” said Anurag Kahol, CTO of Bitglass. “However, the reality is that today’s work environment requires the flexibility and remote access that the use of personal devices enables. To remedy this standoff, companies need comprehensive cloud security platforms that are designed to secure any interaction between users, devices, apps, or web destinations.”

It's clear that allowing employees to BYOD has many advantages. However it’s crucial that the risks of this policy are also evaluated, especially those relating to data security, and appropriate steps are taken to mitigate them.

To see all of Bitglass’ findings, download the full report here: (registration required)

Copyright Lyonsdown Limited 2021

Top Articles

Usability and email security

When employees understand how their behaviour impacts email security, they become much more efficient at detecting scams, preventing data breaches, and protecting sensitive information.

The pen testing guide you never thought you needed, until now…

Security testing should be at the centre of any cyber strategy,

Institute of Cyber Digital Investigation Professionals launched

CIISec & College of Policing are announcing the independent launch of the Institute of Cyber Digital Investigation Professionals (ICDIP)

Related Articles