The number of employees bringing their own devices (BYOD) to the workplace has grown exponentially in recent years; a full 80% of employed adults use some kind of personal device (smartphones, tablets, or PCs) for work-related functions. While a large proportion of this 80% is likely attributed to personal computers, the ushering in of the smartphone era is starting to shift this trend toward mobile devices.
In any given meeting, I regularly see several smartphones and a tablet or two sitting out on the table, with the user either checking email or viewing electronic copies of the meeting materials. But this era of hyper-connectivity and the move towards BYOD brings with it some nasty headaches for IT departments, according to a recent ESET report.
The report brings with it some startling, though not surprising, statistics about device security. Less than 10% of tablet owners and 25% of smartphone users have auto-locking enabled on their devices. Adding in all devices used for work-related purposes yields a security compliance of less than 50%. ZDNet also sees this trend as a huge problem, encouraging smartphone and tablet owners to at least enable a basic password unlock on their devices.
While the statistics and suggestions out of the ESET and ZDNet reports certainly have some alarming data, the finger-pointing is squarely in the wrong direction. Businesses love the trend towards BYOD. In the past, if an organization wanted (or needed) its employees to be more connected, they would have to foot the full bill to purchase devices and cellular plans for their employees.
The costs associated with doing business in this way is huge, leading many organizations to limit this practice to director level employees or above. Now, most organizations simply provide a $30-$50 credit towards employee smartphone contracts, and generally only provide that benefit to employees in management or higher. That means that they get the benefit of non-management employees adopting smartphones and increasing productivity without having to pay for it on the back-end.
The second major flaw at least in ZDNet’s report is that they don’t point fingers at IT departments themselves for this utter lack of security. ZDNet focuses on employees who connect to Exchange networks, suggesting they should be ashamed of themselves for not setting a password on their devices that have access to valuable company information.
What they fail to report is that Exchange grants IT departments the ability to force users to implement security on their devices. I recently set up a connection to the Exchange server on my Android smartphone, and the connection required that I set at least a gesture-based unlock on my phone in order to connect. There’s no way around this either; if I remove the lock-screen gesture unlock in my device’s security settings, I lose connection to the Exchange network.
Though I agree that enterprise data integrity is a real issue facing IT departments today, the onus of data security compliance should be on these IT experts, whose primary purpose is to ensure network and data integrity. After all, corporations benefit when employees are constantly connected into work-related news and activities.