UK businesses risk data loss with BYOD policies

By allowing you to bring your own unprotected mobile devices to work (BYOD), UK businesses risk losing data, new research suggests.

Forty per cent of UK businesses have no security or policies in place to prevent unauthorised employees from accessing what they shouldn’t, the research by Arlington Research and Acronis found.

The research, conducted in May, also says there are no policies to prevent the sharing of sensitive company information using personal phones and devices such as iPads, Android devices and others.

Forty per cent of respondents also admitted to having no policy in place to specify how employees should use their own personal devices at work.

One in five UK employees admits to losing a personal device that had sensitive company data on it, the research suggests.

The number of people using their personal devices for work is not negligible – 60 per cent of the UK population are using their personal devices for work. This highlights a “staggering gap in data protection and lack of control by UK businesses – especially for the rising population of mobile workers,” Acronis says in a press release.

“It also confirms how the average UK employee can easily access sensitive company and customer information, using it for their own benefit.”

The study also discovered 40 per cent of businesses have an opportunity to better train their employees to understand the risks involved in mobile privacy and protection. To help protect against data loss due to mobile device use, Acronis has created five top tips for UK businesses to consider:

  • Create a mobile security policy – Creating a mobile device security policy doesn’t have to be complicated, but it needs to encompass devices, data and files. The simplest place to start is to ensure employees use a device key-lock and password protection. Whether you opt for VPN security, key locks, Active Directory Monitoring or endpoint security, the choice is yours. But it is time to make a policy — and stand by it.
  • Stop making exceptions to your policy – We all know that rules are not meant to be broken; so why aren’t businesses taking their own IT policies seriously? Don’t make any exceptions, especially to senior personnel. Those with access to presumably the most sensitive data in the organisation are usually allowed to break the rules. Does your CEO know his tablet could take down the business?
  • Make data protection everyone’s responsibility – Many businesses allow employees to bring smartphones, tablets and even their own Macs or PCs into the office. Although this improves productivity and increases collaboration, a little education is needed to prevent the risks. If everyone understands the privacy risks involved with their own devices, your data could be safer and you would feel more comfortable loosening the reins.
  • Don’t underestimate the dangers of public clouds – When it comes to data protection, you have to worry about more than just devices. Everyone, at some point, has been guilty of saving corporate presentations or other files and documents in free public clouds, like Dropbox and Google Drive. It’s convenient instant access, but public clouds are not secure, and leave data constantly vulnerable in the digital ether, so be careful.
  • Don’t punish mistakes too heavily – We’re all human and make mistakes. So if an employee loses a personal device, with access to your data, don’t go mad and start handing out P45s. Create a culture where employees feel happy to report the loss and you can act quickly. There is nothing worse than not being aware of a possible disaster.