When you don’t know the who, what or where: Half of European organisations still have no corporate BYOD policy
August 2023 by JAMF
Jamf are releasing new survey data that reveals 49% of enterprises across Europe currently have no formal Bring-Your-Own-Device (BYOD) policy in place, meaning they have no visibility into or control over if and how employees are connecting personal devices to corporate resources.
The research from Jamf, derived from surveying more than 100 organisations at its annual events in London, Germany, France and Amsterdam, reveals the cybersecurity risks facing organisations. With the summer holiday season in full swing and employees jetting off to sunnier climes, organisations will likely see an increase of remote logins from personal devices to corporate resources.
With no control over who can access what information, from where, when and, more importantly, how, establishing and enforcing a BYOD policy it is still a challenge for many organisations. This is leaving them open to risks ranging from data leakage or theft, out-of-date or vulnerable software, risky content, shadow IT, and even physical loss of the device; all of which put the company and its critical data at risk.
Additional findings from the European survey revealed:
• 43% of respondents felt they are up against more compliance-based security concerns this year versus last year.
• 53% of orgs are either already actively cutting IT/Security costs or are currently looking into it.
• More than two third (67%) of orgs are using between one and five vendors for management and security across all device types.
• 57% of orgs have separate teams that manage devices versus securing them.
Exacerbating the challenge of managing devices, is the fast-evolving threat landscape that organisations are facing, with 41% of respondents concerned about the growing number of vulnerabilities in Apple operating systems and the volume of patches that must be applied across both devices and applications.
Michael Covington, VP of Portfolio Strategy at Jamf, comments: “While it is easy to get swept up in the positives surrounding ’anywhere work’ programs that empower employees to work remotely on their own schedule, from any location and from any device, organisations need to examine the associated risks and decide how to manage them."
“Giving employees the power of choice to use their own devices for work can save the organization money, but the real benefit is a seamless end user experience that eliminates the need for multiple devices and introduces streamlined productivity workflows. It’s important to have a clearly documented BYOD policy in place to take advantage of these benefits, but the good news is that the technologies are now available to effectively manage risk in these environments.”
Advice for organisations looking to implement a BYOD policy includes:
• Getting employees enrolled in a BYOD or Mobile Device Management (MDM) program is a process – think about how you manage this and communicate the benefits to employees. Some may have concerns around privacy so be clear in how data will be handled, how you will be installing applications and security protocols onto their devices or if there will be a figurative partition that separates work-related apps from the personal side of their device.
• Users can be part of the security solution – ensuring basic management controls and cyber hygiene, it is important that employees using their own devices understand the importance of actioning operating system and application updates when prompted. Lay out clearly in the BYOD policy what the baseline standards for any devices connected to the corporate network is – only if the device and user meet and maintain these standards, then they are allowed access to sensitive business data.