Jamf, providers of a complete enterprise-level management and security solution for an Apple-first environment, has released new survey data that reveals 49% of enterprises across Europe currently have no formal bring your own device (BYOD) policy in place, meaning they have no visibility into or control over if and how employees are connecting personal devices to corporate resources.
The research from Jamf, derived from surveying more than 100 organisations at its annual events in London, Germany, France and Amsterdam, reveals the cybersecurity risks facing organisations.
With no control over who can access what information, from where, when and, more importantly, how, establishing and enforcing a BYOD policy it is still a challenge for many organisations. This is leaving them open to risks ranging from data leakage or theft, out-of-date or vulnerable software, risky content, shadow IT and even physical loss of the device; all of which put the company and its critical data at risk.
Additional findings from the European survey revealed:
- Forty-three percent of respondents felt they are up against more compliance-based security concerns this year versus last year
- Fifty-three percent of organisations are either already actively cutting IT/security costs or are currently looking into it
- More than two-thirds (67%) of organisations are using between one and five vendors for management and security across all device types
- Fifty-seven percent of companies have separate teams that manage devices versus securing them
Exacerbating the challenge of managing devices, is the fast-evolving threat landscape that organisations are facing, with 41% of respondents concerned about the growing number of vulnerabilities in Apple operating systems and the volume of patches that must be applied across both devices and applications.
Michael Covington, VP of Portfolio Strategy at Jamf, said: “Giving employees the power of choice to use their own devices for work can save the organisation money, but the real benefit is a seamless end-user experience that eliminates the need for multiple devices and introduces streamlined productivity workflows. It’s important to have a clearly documented BYOD policy in place to take advantage of these benefits, but the good news is that the technologies are now available to effectively manage risk in these environments.”
Advice for organisations looking to implement a BYOD policy includes:
- Getting employees enrolled in a BYOD or Mobile Device Management (MDM) programme is a process – think about how you manage this and communicate the benefits to employees. Some may have concerns around privacy so be clear in how data will be handled, how you will be installing applications and security protocols onto their devices or if there will be a figurative partition that separates work-related apps from the personal side of their device.
- Users can be part of the security solution – ensuring basic management controls and cyberhygiene, it is important that employees using their own devices understand the importance of actioning operating system and application updates when prompted. Lay out clearly in the BYOD policy what the baseline standards for any devices connected to the corporate network is – only if the device and user meet and maintain these standards, then they are allowed access to sensitive business data.