October 24, 2013

About half of Gen Y employees (51%) would break company policies that ban bringing personal devices to work, according to Fortinet’s Internet Security Census 2013. The survey also found that 36% of employees that use their own personal cloud storage accounts for work would also break policy that restricted usage.

The majority of the respondents (55%) reported they had experienced an attack on personal PCs or laptops, and half of those employees indicated they had lost personal or corporate data. Yet 14% stated they would not tell an employer that their personal device used for work has been compromised.

“They use it [cloud] so much for everything else like their personal lives, it’s much easier for them to use it for their work life as well,” says John Maddison, VP of marketing at Fortinet. “I don’t think it’s a malicious activity, they’re not going out of their way to switch agents or hack into systems or extract information.”

[See Related: Top 5 BYOD Pitfalls Your Bank Should Avoid]

Fortinet, a network security technology provider, commissioned Vision Critical to conduct the survey of 3,200 individuals between the ages of 21 and 32 who owned mobile devices and have full-time employment, across 20 countries.

The survey found that cloud products like iCloud, Google Drive, MS SkyDrive, DropBox, YouSendIt, Evernote, Webmail such at Gmail and Outlook and other cloud services have been used for work by 70% of respondents.

About 13% of the respondents said they don’t use cloud for any work or personal data storage, while 32% stated that they fully trust the cloud. The majority of respondents said they utilize the cloud for work emails or work-in-progress documents. Other common uses for cloud include storage for critical private documentation, like contracts, financial information, like sales data, and logos or graphics.

However, 57% of the respondents said they understand the security risks associated with cloud and only store data that would not present a major issue if lost or compromised.

Respondents were also asked if they have heard of different types of security threats like phishing and DDoS attacks. About 52% of respondents were uneducated about threats like DDos, APTs, botnets and pharming, according to the survey.

Having the IT department educate and train employees on mobile security is one way to combat threats, says Fortinet’s Maddison.

“The next aspect is to be a bit more flexible with the policy,” he adds. “If you know what’s going to happen, than design a policy that’s going to take that into account.”

For example, if employees are using DropBox for work, then employers must design a policy that ensures security, he explains. In addition to educating employees and designing a policy, Maddison also recommends restructuring IT architecture for cloud.

Zarna Patel is a staff writer for InformationWeek's Financial Services brands, which include Bank Systems & Technology, Insurance & Technology and Wall Street & Technology. She received ...