Skip to main content

Why Every IT Department Should Have a BYOD Policy

Do you encourage a BYOD (Bring Your Own Device) culture in the workplace? If you answered "yes" then you should consider the risks associated with consumers using their own mobile devices to connect with the company network.

Millions of applications are downloaded to smartphones, tablets and other mobile devices daily, and a large percentage access information that could put your employees’ privacy - and any sensitive company data - at risk.

Bit9 analysed more than 400,000 Android apps in Google Play and the results are a wakeup call to many IT professionals. 72 per cent of apps use at least one permission that gives the app access to private data or control over the smartphone’s functionality.

When researching the publisher and number of high-risk permissions requested, and the category of the application, Bit9 classed 25 per cent Android apps as suspicious. While these 100,000 apps may not be malicious, they do perform questionable tasks and have access to private data. And this a problem for enterprises allowing BYOD.

If you deploy technologies to protect your network and intellectual property, your company should implement a BYOD policy. If you don’t - and staff are allowed to use their devices at work with few, if any, restrictions on what other programs are running - your business could face a security nightmare.

We also conducted a survey of IT decision makers responsible for mobile device usage policy for more than 400,000 employees and found that 71 per cent do have a BYOD policy. Mobile devices are being used to access corporate email, documents, and contacts, but less than a quarter of those surveyed have visibility into what else is running.

When a smartphone is used for business, the line between personal data and corporate IP is blurred. The risk for IT departments is not just in losing control over business data; contacts and emails can be used to launch sophisticated spear-phishing or other targeted attacks.

If you encourage a BYOD culture, you should encourage staff to consider permission requests by the apps they download. Don't automatically check "Yes" to every request and be cautious if, for example, a wallpaper app asks to use GPS data. Consumers needn’t be paranoid that every app is a potential threat, but they should be aware of the possibility and act responsibly.

Harry Sverdlove is the CTO of Bit9. The company is exhibiting at Infosecurity Europe 2013, the No. 1 industry event in Europe held on 23rd – 25th April 2013 at the prestigious venue of Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit