Some technology industry pundits are convinced that BYOD – or Bring Your Own Device – is a trend that will become more prevalent in workplaces as businesses adapt to changing technology trends and accept that the devices owned personally by employees can be far more advanced than those the company can provide them. But the real challenge for businesses is in the area of mobile security – BYOD can cause headaches for company IT administrators, who are usually largely unprepared to deal with various security issues that may occur from the use of personal devices in the workplace.
A recent study by IT management software provider SolarWinds actually revealed some startling facts about Singapore SMEs and mobile security, or to be more exact, the lack thereof. The survey of 150 IT decision makers at Singapore SMEs – 65 from SMEs with under 50 staff, and 85 from SMEs with over 50 staff -, across a range of industries, was conducted in September to gauge how BYOD is impacting the SME sector.
Here are some of the survey findings:
- Almost half of those polled (47 per cent) place the security and safety of mobile devices solely in the hands of their staff, with only 16 per cent providing staff with some assistance in securing their device, such as installing anti-virus or anti-spam programs.
- Despite the fact that over 70 per cent of respondents agreed that mobile devices pose the biggest risk to network security, and almost the same amount (67 per cent) admitted to heightened concerns because their employees used their own devices rather than company supplied devices for work, only half of all those surveyed said that they had developed an IT security plan for their business.
- The most common issue faced by those charged with managing and securing employees’ personal mobile devices within their network was the inability to rapidly identify, quarantine and mitigate threats, with 35 per cent citing this as a problem.
The most common user behaviors on mobile devices which threaten the security of the Singapore SMEs surveyed include:
- Loss of handsets
- Unsecured sharing of company files/data
- Use of unsecured WiFi
- Creating passwords which are too easy to crack
- Not using a VPN and visiting phishing or malware sites
Other BYOD issues included the visibility (or lack thereof) of corporate devices on the network, viral attachments, and even uncooperative employees, with 27 per cent highlighting this as a roadblock to mobile security.
“Given that more than a third of all SMEs surveyed (35 per cent) have all of their staff using their own mobile devices for work, the lack of assistance provided to staff to secure those devices poses a significant risk for organisations of this size,” says Sanjay Castelino, VP and market leader, SolarWinds. “In fact, around 10 per cent of the respondents reported that their employees’ mobile devices have already threatened the security of their organisation.”
According to SolarWinds, this figure has been surprisingly skewed upwards by larger organizations that you would have expected to have more defined security policies and procedures in place than their smaller counterparts, with 15 per cent of those in businesses of 50 or more staff reporting a previous threat to security, but just three per cent from those with less than 50 staff. Additionally, almost a third of those who had implemented a mobile security solution (31 per cent) only did so in response to a threat, rather than to mitigate against potential threats.
“These issues have been largely experienced in the enterprise or larger business end of town, but today’s results show that Singaporean SMEs are just as exposed. The survey results demonstrate a real disparity between the recognition of the potential problems posed by BYOD and the level of activity around addressing those issues,” adds Castelino. “Singapore SMEs need to take a more hands-on approach in managing their employees’ mobile devices which access their corporate network.”
Coupled with such challenges, we’re likely to see many Singapore SMEs continue to struggle with their BYOD and IT security policies in the near future.