Tackling Employee Disinterest in BYOD Security
Educating employees about the security risks of using their own mobile devices which contain sensitive corporate data sounds like a no-brainer. The problem is, most employees don't give BYOD security much thought. For instance, a mere 15% of employees believe they have minimal to zero responsibility to protect data stored on their personal devices, according to a study by Centrify. There are a few factors contributing to the lack of compliance and disinterest on the part of employees. For starters, many employees mistakenly assume that safe BYOD security practices are the sole responsibility of the company and IT organization. The assumption is that the company will take whatever steps are necessary to secure sensitive corporate data and apps that individual employees are accessing. What many employees don’t recognize is that risky use of personal mobile devices – even when unintentional, such as accessing a public Wi-Fi network at a shopping mall – can place a company’s intellectual property in jeopardy. There are a number of steps that organizational leaders can take to educate employees on the prudent use of mobile devices. Communication regarding secure use of mobile devices should start from the upper ranks of the company – namely, the CEO. Messaging from the CIO or a Chief Risk Officer will likely be regarded by employees as a less-relevant IT issue, despite their C-level designations. Business and functional leaders can also communicate the reasons why employees need to take proper precautions in their use of their mobile devices. This can include reminders in town hall meetings and other gatherings about the importance for employees to report suspicious emails to IT. Or the need to have strong passwords that include numbers, a mix of upper and lower-case letters, use of characters, etc. Ultimately, it’s about regularly communicating the responsibility that each employee has in protecting sensitive customer information and preventing that data from falling into the wrong hands. Fortunately, mobile app security doesn't fall completely on employees. Administrators and organizations can benefit from the use of mobile application management (MAM®) which protects proprietary data and apps from malicious attacks while segregating personal data on employees’ devices. Additionally, an enterprise mobility solution can also wipe corporate information or apps from an employee’s device should the device be lost, stolen, or if they leave the company.