BYOD poses big security threat to micro businesses

Micro businesses are adopting mobile devices at the same rate as large enterprises, but lack the same security resources

Micro businesses with fewer than 25 employees have the same rate of mobile device adoption as large enterprises, but lack the security resources to protect users, a study has revealed.

More than a third of micro businesses are using mobile devices, compared to 35% for large enterprises, according to a Kaspersky Lab survey of 3,900 IT professionals worldwide.

The problem is that most micro businesses lack the security awareness, technical expertise, and budget needed to properly protect mobile devices.

According to the survey report, these limitations may lead to a knowledge gap even among security-minded business owners.

For example, 31% of micro businesses listed securing mobile computing devices as one of their top three IT security priorities for the next 12 months.

But, when asked about bring-your-own-device (BYOD) policies, the survey uncovered a perception gap based on company size.

Only 28% of micro businesses agreed that BYOD introduces an increased IT security risk to their business, compared with 52% of large businesses and 48% of enterprises.

Kaspersky Lab said it is possible micro businesses are overlooking employee-owned mobile devices as a security risk, even though they are most likely to opt for BYOD to cut costs.

Common threats from employee-owned mobile devices include malware or rogue applications connecting to the company’s network via the device, or company data disappearing along with a lost or stolen employee device, the survey report said.  

However, the report advised a mixture of common sense and the right technology can go a long way to securing mobile devices.

It also said employee education can provide the first line of defence by encouraging safe behaviour through awareness and understanding of the threat.

Education programmes can be used to tell employees about how to avoid unnecessary risks and the importance of notifying the company immediately if a device used for work is lost or stolen.

It is essential that micro businesses invest in inexpensive software that can remotely wipe the data from missing or stolen devices, the report said.

However, businesses adopting this approach must make sure employees understand that if their device is wiped, that typically means any personal information on the device is deleted as well.

The report advises micro businesses to avoid complexity by investing in security software that is appropriate to their needs and sticks to core mobile security features.

The survey comes amid indications that cyber attackers are increasingly exploiting vulnerabilities in mobile computing to infiltrate corporate networks.

The problem is too few organisations that have embraced mobile computing are backing up the move with appropriate controls and polices, particularly for employee-owned devices.

According to PricewaterhouseCoopers (PwC), many organisations hit with cyber attacks struggle to identify the point of compromise, even large enterprises.

But increasingly, these points of compromise are linked to mobile devices, such as laptops, tablets and smartphones – although this is, as yet, seldom reported in public.

Read more on Endpoint security