Bring your own device (BYOD) means a greater degree of productivity in the work environment, but it also means there is the unintended consequence of increasing the total number of vulnerable devices connecting to corporate networks and accessing corporate data, a new report found.
While the general consensus affirms that BYOD policies increase productivity, corporate IT teams are doing a poor job managing them, according to the report from Rapid 7.
Worse yet, since many of the devices in use belong to the employees, the burden of responsibility for updating firmware, operating systems, and applications rests squarely on the shoulders of the employees, who must wait for their carriers before they can implement updates.
As it usually does, part of the problem comes from a lack of awareness.
Rapid 7 conducted a survey of more than 500 organizations and found 64 percent allowed employees to use personally owned mobile devices at work. Among that 64 percent, nearly half did not know how many devices the average employee was using to access corporate data.
Beyond that, 62 percent of respondents said their organization was actively managing security on employee-owned devices connecting to their corporate networks. Just 17 percent have an awareness of the number of vulnerabilities present on each device, only 38 percent of respondents knew how many devices were password locked, and as many as 72 percent of devices may not be up-to-date with the latest respective operating systems version.
The vulnerability management company suggests organizations implement policies forcing users to password lock – with a more than four-character pin – devices accessing corporate data, maintain the ability to remotely wipe lost and stolen devices, educate users about risks, and encourage users to implement updates as early and often as possible.
Click here to view the report.