Bring Your Own Downfall: half of SMBs still have no BYOD policy
By Catherine McFarland • 08 May 2014
In the same week that The Law Society issues guidance on the benefits and risks of cloud computing, we reveal that around half of UK organisations are risking data protection breaches simply by not having a bring your own device (BYOD) policy in place.
A Cloud Direct survey of 366 business and IT managers of small-medium organisations in April 2014 revealed that:
- 73% of small-medium organisations either don’t have a BYOD* policy (50%) or don’t know if they have a BYOD policy (23%)
- Organisations are exposing themselves to security vulnerabilities and data protection law breaches every day simply by not having a BYOD policy
- They’re also risking the benefits of the valuable opportunities that come with BYOD, such as increased speed, agility and employee satisfaction
BYOD – The Golden Egg
Nearly three-quarters of organisations deploying BYOD report improvements in employee productivity, customer response times and work processes, according to Dell. And the benefits don’t stop there. BYOD also brings:
- Management flexibility: BYOD eases the management burden by eliminating the need to select and manage a mobile device provider and plan
- Cost savings: the business no longer has to pay for a corporate mobile plan – although there are likely to be some costs involved.
- Simplified IT: the business no longer has to provide technical support for employees; they will naturally look directly to their provider, as they always have done with their personal devices.
BYOD - The Humpty Dumpty Effect
But all of these game-changing benefits, which should increase your competitiveness, can come crashing down in one single, often unwitting, move by an employee.
“If left unmanaged, BYOD can lead to loss of control, impact your network availability and cause data loss.” ~ Gartner
For example, if a member of staff – or even a business partner or supplier with corporate access – fails to maintain system updates on his or her mobile device, that device is more vulnerable to attack. And if customer data is exposed as a result, the Information Commissioner’s Office (ICO) can levy fines on the business of up to £500,000.
In March, the ICO fined a charity £200,000 for exposing thousands of personal details to a malicious hacker.
Security breaches – the source
According to the 2014 Information Security Breaches Report conducted by PricewaterhouseCoopers for the Department for Business Innovation and Skills (BIS), 31% of the worst breaches in the past year were caused by inadvertent human error and 20% by deliberate misuse of systems by staff. That’s a worrying total of 51% of security breaches attributed to employees or associates.
Security breaches – the cost
The same BIS report shows the cost of the worst breach for smaller organisations with fewer than 250 employees to have roughly doubled to between £65,000 and £115,000. This is up from £35,000 to £65,000 a year ago.
“You need the right network, access strategies and policies in place to secure your environment.” ~ Gartner.
So, the importance of a BYOD policy is pretty clear. But it’s often difficult for SMBs – who don’t necessarily have the resources at their disposal in the same way larger organisations might – to get round to actually putting one in place. Day-to-day operations always seem to take priority. Which is hardly surprising. Except there’ll always be that niggling fear that one day it could all go horribly wrong.
Write your own BYOD policy
But fret not, we’re publishing THE BYOD BIBLE, a series of five e-books that will guide you down the sometimes stony path to a good BYOD place.
This week, you can download the fourth in the series: “THE BYOD BIBLE: Shepherding your Flock – How to write your own BYOD Policy”.
*Bring your own device (BYOD) is a term that refers to employees using their personal computing devices – such as a smart phone or tablet – for work.