It seems that allowing employees to use their own devices is an inevitable trend for most businesses. Yet a new survey by Software Advice finds that only 39 percent of workplaces have policies in place to cope with BYOD.
Businesses need to deal with the risks that BYOD brings. This includes the loss of visibility once company data is transferred to a personal device, privacy and legal concerns and the threat that devices could be compromised.
Over half of respondents to the survey said they'd transferred company files to their own devices, 35 percent said they never transferred anything sensitive, but may well be deciding what "sensitive" means for themselves.
When it comes to keeping devices patched, only 49 percent said that they implemented security updates when they were released. A worrying 11 percent say they never install updates.
Software Advice recommends that a BYOD policy should ensure devices are protected by a password and that these must be of minimum length. It should also bar the downloading of apps other than from an approved list.
Mobile device management (MDM) solutions can add an extra layer of protection beyond BYOD policy by enabling password rules to be enforced and devices to be remotely wiped in the event of problems.
It's important to note that mobile devices pose less of a risk than PCs. Rick Doten of enterprise mobility firm DMI Inc says, "Mobile users won’t 'infect' a network like a PC can. There isn't a concept of mobile 'malware,' it's really only malicious apps that access data on the phone (which you unknowingly allow it to), or features on the phone, like your microphone or camera".
The malware risk from PCs is greater since they're often used for handling more sensitive data. Doten says that a virtual desktop may be the best solution for BYOD users, "It provides the user with a virtual environment that keeps all data on the server, and the user interacts with it like a mainframe. Nothing is stored on the user’s device, and the session is gone when they log out".
You can read the full report and recommendations on Software Advice's Intelligent Defense blog.