Half of companies have lost a portable computing device with important data on it that had security implications for more than 20% of organisations, a survey has revealed.
Further, 57% of employees believe that bring-your-own-device (BYOD) practices put their personal data at risk as well, according to a survey by data governance software company Varonis.
Despite these concerns, the study also revealed 86% of employees use their personal devices for work at all hours of the day, with 44% admitting to doing so during meals.
Additionally, 20% of respondents consider themselves "borderline workaholic", 15% take their devices on holiday and 7% claim their work and home lives are one.
But the study found the productivity drain is greater for companies that allow BYOD. Nearly a quarter of respondents said they spend more time than they care to admit doing things unrelated to work during work hours.
According to the findings, almost three-quarters of employees are now allowed to access company data from their personal devices.
This growing trend to work remotely is likely to have an impact on breaches and data leakages, as mobile devices continue to have major security implications, according to the research report.
The study found that implementing a BYOD policy did reduce security incidents, but only by 5%.
Read more about BYOD
- UK laxity on BYOD raises data loss risk, says ICO
- Managing BYOD endpoint security
- BYOD security strategies: Balancing BYOD risks and rewards
- Developing data security policy for BYOD
- Employee hardware ubiquitous but BYOD policies remain weak, finds survey
- Tools for BYOD success
- BYOD policy and the data protection products that can help
The most popular method to secure mobile devices is password protection (57%), followed by 35% who wipe devices remotely and 24% who use encryption.
“Being connected to work around the clock appears to be accepted as the ‘new normal’,” said David Gibson, vice-president of strategy at Varonis.
“While organisations are capturing the many benefits of BYOD - and the willingness of the workforce to embrace this style of working – companies must protect themselves,” he said.
Gibson said all companies that allow BYOD should:
- Develop a BYOD policy that lets people know what is and is not allowed;
- Make sure controls are appropriate to the risks– if the data is valuable, organisations need to control where it resides and who has access to it, need to be able to audit use and spot abuse;
- Monitor the effects of frequent interruptions and “always-on” habits to watch for signs of impaired productivity or health.
“Only by limiting the potential damage – both to organisations and employees – can organisations make the most of a trend that will continue to leap forward, whether businesses allow it to or not,” he said.