BYOD 'not on the agenda' at 40% of companies but expert warns against ambivalence

Out-Law News | 06 Nov 2013 | 9:37 am | 2 min. read

More than 40% of companies do not consider the 'bring your own device' (BYOD) trend to be on their agenda, according to a survey of IT leaders.

A report by stated that 34% of respondents to a survey it conducted into attitudes to BYOD (44-page / 5.03MB PDF) either felt apathetic or had "mixed feelings" about the concept.

However, just over 25% of those surveyed expressed positive views about BYOD and said that their employer had embraced the "craze". BYOD is a term given to describe the growing trend of employees using their own personal smartphones, tablets and other mobile devices for work purposes.

"Whether they are ambivalent or embrace the principles of the BYOD movement, a company needs to protect itself from the fall out that can impact them through their staff using BYOD," employment law expert Edward Goodwyn of Pinsent Masons, the law firm behind, said. "Employees are using their own devices and bringing them into work regardless of their employers' views. As such, employers should either consider prohibiting BYOD for work, access to their system or their clients' data, or they should apply sufficient controls to protect them and their clients."

"Where this balance lies ultimately will depend on the organisation’s corporate culture but employers should be very careful about a BYOD free-for-all," he added. "Organisations should consider implementing a well balanced policy to include the use of BYOD. It should deal with issues such as the security of individual devices, what functions staff will be allowed to perform using their own devices and the range of employees they wish to give those usage rights to. Equally, the policy should clearly set out what the sanctions are if the employees breach the policy."

According to the report, some respondents to its survey expressed security concerns around the adoption of BYOD.

"The proliferation of non-Windows hardware and other employee-owned devices attempting to connect to the corporate network is seemingly a cause of great concern for many IT bigwigs," the report said. "Several respondents went so far as to restyle BYOD as ‘bring your own disaster’."

At the beginning of March this year, the UK's data protection watchdog published new guidance for employers on BYOD. The Information Commissioner's Office (ICO) stressed that organisations should remember that they are duty-bound to look after the personal data they are responsible for under data protection laws "regardless of the ownership of the device used to carry out the processing".

Companies must ensure that devices used for work purposes are password-protected, and that data is encrypted when being transferred as well as being stored, it said, among other things.

According to a survey by Samsung, fewer than a third of businesses in Europe with more than 1,000 employees have a formal BYOD policy. However, almost all British businesses (97%) have suffered or anticipated a BYOD security breach, Samsung's study said.

The report revealed that some companies have placed limits on the scope at which BYOD operates within their organisation.

"Among our respondents who offer a more mixed response to the idea of BYOD, a number reveal that the bring-your-own practice is thus far only allowed among senior management," the report said. "Others report that staff are permitted to use their own smartphones, and in some cases tablets, but that the IT department’s tolerance does not extend to laptops."

"Others state that workers are allowed to bring their own device in principle, but that, in reality, only certain hardware and software manufacturers can be accommodated. A fairly sizeable number of IT chiefs claim that their organisation’s policy encompasses a choose-your-own-device element, rather than a full-on BYOD strategy," it said.