GFI Software recently released a report based on survey data that gives some interesting statistics on where people use their devices most. In a BYOD world, trying to give appropriate corporate access without forfeiting security on personal devices, these statistics are valuable. With more and more companies allowing employees to utilize their personal devices for work and play, there's more at play than just tracking access to the company infrastructure. Understanding how to precisely secure the business against data theft and unapproved access means looking at all aspects of security. Allowing end-users to connect their own devices to the corporate technology structure over public networks without a proper, business-enforced security plan is like securing the front of the house, but leaving the backdoor wide open.
Grab the full GFI Software survey report (PDF) here: GFI - US
Just behind 'at home' and 'at work,' GFI Software's report shows that the 3rdtop location (83%) employees use their mobile devices is on public transport. With many companies allowing employees to purchase and use their own devices, and then separating out the personal and business costs for the service billing, many employees connect to free Wi-Fi when possible to save personal cost. Public Wi-Fi networks are some of the most unsecure connections, and should be causing businesses with BYOD implemented a lot of a concern.
On a later page, the report confirms this, showing that only around 12% of those surveyed will not connect to free Wi-Fi when available, meaning that a huge majority of employees are actively seeking to connect to free Wi-Fi hotspots. Coffee shops and restaurants top the popular locations list, with public transportation filling up the other spots. And, then even later on, 66% of respondents are worried that corporate data could be intercepted or stolen when connected to public Wi-Fi. There seems to be a bit of a disconnect there. If employees are worried about data leaking from the corporate network through their personal device, why do they continue to actively connect? Cost may be one reason, but I think understanding proper security, or at least, expecting the employer to maintain proper security for them, is a bigger factor.
Shockingly, when surveyed, of those that participated, 97.3% are part of a BYOD program where their main mobile device is personally owned. That's a large number to me, and doesn't fit with what I'm aware of – so the collection of survey participants may be skewed somewhat. However, the report shows that the majority of BYOD participants are left to create their own security measures, again highlighting how important it is that businesses get a handle on end-user security for mobile devices. This seems to indicate that many companies are implementing BYOD, giving access to the personal devices, and then forgetting about them. Training is important, but in the end, businesses need to take the time and develop a strategy for managing and securing any device that has access to company data and apps no matter how they connect, or one morning, corporate management will wake up and be alerted that the entire business structure has been compromised.
So, how are you securing your BYOD-enabled employees? Do you have a solution for securing the devices over public Wi-Fi already?