Despite the ever growing number of businesses which are allowing employees to utilise personal devices in the workplace, it seems many organisations are still struggling to ensure adequate vulnerability management when it comes to putting a BYOD policy in place.
According to a recent study by Virgin Media Business, more than half of secure IT networks in the UK were breached during 2012 as a result of employees using personal devices.
Furthermore, it seems larger organisations are the ones which are at greater risk of a BYOD-related security breach. After surveying 500 chief information officers based in Britain, Virgin Media found that smaller businesses were 25 per cent less likely to be the victim of a security breach than a larger enterprise.
BYOD security is not merely a concern overseas either, as many organisations in Australia are also struggling to find the right balance between catering to the needs of their employees and ensuring adequate risk mitigation.
In November 2012, the Australian government Department of Defence's Defence Signals Directorate (DSD) released a document – which can be viewed here – outlining several key considerations businesses should take before implementing a BYOD policy.
It encouraged organisations to take a risk management approach to personal devices in the workplace, by developing clear policies on how employees would be able to use their smartphones and tablets.
Businesses looking to truly ensure that they are adequately mitigating the risk of being impacted by a security breach would be wise to take these recommendations into account, whilst at the same time undergoing regular penetration testing evaluations to determine where potential vulnerabilities may be presenting themselves.
Virgin Media Business chief operating officer Tony Grace believes 2012 was a difficult year for organisations looking to allow employees to utilise their personal devices in the workplace.
He argues however that this is "natural enough" as nobody has yet been able to "come up with the magic solution".
"[Chief information officers] shouldn’t see this as a burden and in 2013 they can take the lessons learned and turn these personal devices into business enablers to really help drive the bottom line," said Mr Grace in a statement.
"With sales of tablets expected to have gone through the roof over Christmas, it looks like personal devices in the workplace is here to stay. But with just a fifth of large firms having a BYOD policy, businesses will continue to experience security breaches until connectivity, security and user policies are put in place."
Australian businesses looking at employing a BYOD policy will want to think carefully about the security policies they have in place in order to ensure they are not significantly increasing their risk of being impacted by a security breach in doing so.