Businesses are encouraging their staff to use their own mobile phones and laptops at work, but are failing to manage how they use them.
A survey of more than 2,000 IT professionals and office workers found that only 36% of organisations have formal policies on how their employees use personal devices at work.
The findings, revealed in research published by BT and Cisco, raise questions over how effectively companies are securing confidential data on their networks, as bring your own device (BYOD) schemes take off.
“If you have a growing number of employees bringing their own devices which are not being actively monitored, that raises questions whether employers know what employees are accessing,” said Martyn Turze, account manager at polling company Vanson Bourne, which conducted the research.
Risks of BYOD
Potential risks include employees downloading confidential company data on the personal devices, inadvertently infecting a company network with malware, or breaching compliance regulations.
Yet, according to the survey, only 26% of employees who use a personal device for work are aware of the potential security risks.
And just over a quarter of IT managers are confident that all workers understand the permissions and access requirements for using mobile devices at work.
One major area of controversy is the question of who owns data stored on mobile phones and laptops when employees use their own devices for both work and personal use.
BYOD drives demands for bandwidth
The popularity of BYOD schemes at work is putting a strain on company networks, a survey commissioned by BT and Cisco has revealed.
Over half of the IT managers questioned in a worldwide survey reported declining performance in work-based applications as more employees attach their own devices to the company network.
Almost half of those workers with access to Wi-Fi in their offices have experienced delays logging on or accessing applications. And 39% have reported that networks are running more slowly than before.
“It is important that companies start thinking about their bandwidth needs, not just for now, but five years hence,” said Adrian Drury, practice leader for consumer IT at analyst group Ovum.
Who owns data on personal devices?
“There is a huge amount of contentious legal argument over BYOD, and that is down to ownership. If I give an employee a £500 stipend to buy an iPad, who owns the iPad? It’s a grey area if there is a data breach,” said Adrian Drury, consumer IT analyst at Ovum.
In some cases, employers make it a condition for employees using personal devices at work, that the company installs software to erase all data on the device, if it is lost or stolen.
In other cases, employers are able to segregate personal and corporate data on the same device.
Banning devices is a mistake
The research suggests that 24% of organisations actively encourage and support BYOD whatever the device, and around 34% allow BYOD with some restrictions, for example on the type of device used.
Some 12% of companies ban personal devices completely and impose disciplinary measures on employees who breach the rules.
But banning personal devices from the workplace entirely is probably a mistake, as it drives their use underground and out of sight of the IT department, said Drury.
Even in industries where there are compliance regulations to prevent personal devices being used, personal phones and tablets are widely used, he said.
“We have seen very high levels of BYOD in financial services and capital markets in particular. There is an iPad on every desk. That is a big problem,” he said.