Policies allowing employees to bring their own devices to work (BYOD) have the unintended consequence of increasing the total number of vulnerable devices connecting to corporate networks and accessing corporate data, a report released today by Rapid 7 said.
While the general consensus says that BYOD policies increase productivity, corporate IT teams are doing a poor job managing them, according to the report. Worse yet, since many of the devices in use belong to the employees, the burden of responsibility for updating firmware, operating systems, and applications rests squarely on the shoulders of the employees, who must wait for their carriers before they can implement updates.
Part of the problem seems to be a lack of awareness. Rapid 7 conducted a survey of more than 500 organizations. Some 64 percent allowed employees to use personally owned mobile devices at work. Among that 64 percent, nearly half did not know how many devices the average employee was using to access corporate data.
Beyond that, 62 percent of respondents said their organization was actively managing security on employee-owned devices connecting to their corporate networks. Just 17 percent were aware of the number of vulnerabilities present on each device, only 38 percent of respondents knew how many devices were password locked, and as many as 72 percent of devices may not be up to date with the latest version of their respective operating systems.
The vulnerability management company suggests organizations implement policies forcing users to password lock devices accessing corporate data with a PIN of more than four characters, maintain the ability to remotely wipe lost and stolen devices, educate users about risks, and encourage users to implement updates as early and often as possible.