Staff 'ignorance of BYOD policies' compromising corporate data, research suggests

Out-Law News | 22 Oct 2014 | 3:44 pm | 1 min. read

Corporate data is being exposed to security risks by the ignorance of UK staff about employers' policies on the use of personal devices for work, according to new research.

According to software provider Intercede nearly a quarter of UK employees (23%) are "completely unaware" of their employer's 'bring your own device' (BYOD) policy.

More than a fifth of respondents to an Intercede-commissioned survey (21%) said they had accessed corporate data on their mobile device without permission despite knowing they needed permission to do so, whilst a further 40% said they believed they would be able to access business information on their phones "without prior consent".

According to the survey of 1,213 UK employees, 40% of UK workers use either their own mobile device or one provided by their employer to "access secure corporate data". Nearly a fifth of those staff (19%) remain permanently logged in to the systems on which that data is stored, Intercede said.

"By bypassing companies’ BYOD policies and not taking regulations into account when accessing sensitive data, employees are leaving the back door open to hackers," Richard Parris, Intercede chief executive, said.

Parris said mobile devices used for work purposes should be "a secure authentication device which acts as the first line of defence to protect corporate data being accessed on it".

Intercede said that just 5% of respondents to its survey "were concerned that if they lost their handset corporate information would be compromised". Nearly one in 10 employees admitted to using IT services without the knowledge of their employers' "technology team" to access work emails without permission, Intercede said.

"The widespread apathy towards company data shown by the report highlights the need for companies to act quickly and robustly to protect their own data or risk major security incidents," Parris said.