Many businesses are ill-prepared to handle BYOD device security
A majority of businesses are not prepared to deal with hacked or stolen BYOD devices, yet two-thirds allow their employees to bring personal devices to access corporate data, according to a survey of 250 companies by research firm ITIC and security training firm KnowB4.
A full 43 percent of respondents said they currently have no designated BYOD security policy. Only 13 percent of respondents said their firms have specific policies in place to deal with BYOD deployments, while another nine percent indicated they were in the process of developing BYOD procedures.
Half of the respondents said their employee and company-owned mobile devices may have been hacked in the last year. A disturbing 40 percent of businesses admitted they were "unsure," "had no way of knowing" or "do not require employees to inform them" if their devices have been hacked.
The survey found that 55 percent of enterprises are not beefing up their existing security measures despite the recent high profile security attacks. The firms that are beefing up security are installing the latest security fixes and patches, conducting security audits and vulnerability testing, and implementing security training for IT and end users.
A strong 80 percent of respondents said that anti-virus software, intrusion detection and firewalls are the most effective measures to safeguard their networks, while 65 percent said endpoint security was the most effective measure. Around 60 percent of survey participants cited physically limiting access to the server room and data center and providing end-user security awareness training as also being crucial to security.
"Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes [of the PC era] that resulted in untold system downtime and billions of dollars in economic loss," comments Kevin Mitnick, chief hacking officer at KnowB4.
- check out the ITIC/KnowB4 release