It’s likely every enterprise IT professional is quite familiar with “bring your own device” (BYOD) as an increasingly prevalent workplace trend. And whether that term elicits either fearful cringes or sighs of contentment from those responsible for BYOD implementation and compliance largely depends on the extent to which employees adhere to a company’s stated policies.
Unfortunately, BYOD policy compliance too often proves an elusive target, which presents potentially disastrous security risks.
In the recent article, “Should CIOs use a carrot or a stick to rein in BYOD workers?,” courtesy of IT World, the author discusses whether those responsible for enforcing adherence to BYOD policies should go about doing so by levelling threats or by offering enticements.
What’s at stake? Plenty, according to the article.
“A Centrify survey of more than 500 employees at mid-to-large companies showed that 43% have accessed sensitive corporate data while on an unsecured public network, 15% have had their personal account or password compromised, and 15% say they have no to minimal responsibility to protect data stored on their personal devices.”
With a company’s solvency potentially on the line, some CIOs address the risk by threatening employment termination as a result of non-compliance. Others choose to instead offer rewards for staff compliance, hoping a positive-reinforcement approach proves more effective than scare tactics.
“…CIOs can lead BYOD employees to greener security pastures by dangling a stipend in front of them — that is, the promise of a monthly payment that offsets the cost of the phone bill in return for following the company’s mobile device policy,” states the article’s author.
Is your company BYOD-friendly? If so, how are your security policies enforced?
I encourage you to read the IT World piece in its entirety and then return here to share your thoughts.
As always, thanks for reading.
Security is the responsibility of everyone in the organization. With BYOD, it becomes even more critical to have education and awareness of security risks. The statistics in the blog highlight the danger – almost 43% accessed sensitive data from outside the organization. Security audits performed firms like Xerox are the first step to address the problem.
I agree, Dinesh, that education and awareness are critical components of any company’s ability to ensure comprehensive data security. Thanks very much for taking the time to post your comment.