News

09:59 AM
Connect Directly
Google+
LinkedIn
Twitter
Facebook
RSS
E-Mail
50%
50%

Survey: Majority of Employees Ready to Break BYOD Policies

A survey by Fortinet, a network security company, found younger employees are often willing to break company policies around personal mobile devices and cloud usage.

About half of Gen Y employees (51%) would break company policies that ban bringing personal devices to work, according to Fortinet’s Internet Security Census 2013. The survey also found that 36% of employees that use their own personal cloud storage accounts for work would also break policy that restricted usage.

The majority of the respondents (55%) reported they had experienced an attack on personal PCs or laptops, and half of those employees indicated they had lost personal or corporate data. Yet 14% stated they would not tell an employer that their personal device used for work has been compromised.

“They use it [cloud] so much for everything else like their personal lives, it’s much easier for them to use it for their work life as well,” says John Maddison, VP of marketing at Fortinet. “I don’t think it’s a malicious activity, they’re not going out of their way to switch agents or hack into systems or extract information.”

[See Related: Top 5 BYOD Pitfalls Your Bank Should Avoid]

Fortinet, a network security technology provider, commissioned Vision Critical to conduct the survey of 3,200 individuals between the ages of 21 and 32 who owned mobile devices and have full-time employment, across 20 countries.

The survey found that cloud products like iCloud, Google Drive, MS SkyDrive, DropBox, YouSendIt, Evernote, Webmail such at Gmail and Outlook and other cloud services have been used for work by 70% of respondents.

About 13% of the respondents said they don’t use cloud for any work or personal data storage, while 32% stated that they fully trust the cloud. The majority of respondents said they utilize the cloud for work emails or work-in-progress documents. Other common uses for cloud include storage for critical private documentation, like contracts, financial information, like sales data, and logos or graphics.

However, 57% of the respondents said they understand the security risks associated with cloud and only store data that would not present a major issue if lost or compromised.

Respondents were also asked if they have heard of different types of security threats like phishing and DDoS attacks. About 52% of respondents were uneducated about threats like DDos, APTs, botnets and pharming, according to the survey.

Having the IT department educate and train employees on mobile security is one way to combat threats, says Fortinet’s Maddison.

“The next aspect is to be a bit more flexible with the policy,” he adds. “If you know what’s going to happen, than design a policy that’s going to take that into account.”

For example, if employees are using DropBox for work, then employers must design a policy that ensures security, he explains. In addition to educating employees and designing a policy, Maddison also recommends restructuring IT architecture for cloud.

Zarna Patel is a staff writer for InformationWeek's Financial Services brands, which include Bank Systems & Technology, Insurance & Technology and Wall Street & Technology. She received her B.A. in English and journalism from Rutgers University College of Arts and Sciences in ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Nathan Golia
50%
50%
Nathan Golia,
User Rank: Author
10/25/2013 | 7:53:32 PM
re: Survey: Majority of Employees Ready to Break BYOD Policies
Right, I don't think we should take this as "all organizations should use Dropbox because their employees will anyway." There are definitely alternatives out there that can be just as accessible while having much better policies around data security and ownership.
Nathan Golia
50%
50%
Nathan Golia,
User Rank: Author
10/25/2013 | 7:52:40 PM
re: Survey: Majority of Employees Ready to Break BYOD Policies
The first sentence of this is interesting G 51% would break such rules, but how many companies even have them at this point? As you reported, many financial firms are well into the BYOD era.
Yaldez4FSI
50%
50%
Yaldez4FSI,
User Rank: Apprentice
10/25/2013 | 5:47:00 PM
re: Survey: Majority of Employees Ready to Break BYOD Policies
I don't want to provide a commercial announcement here, but there are "dropbox" like solutions that provide similar person to person customer experiences for passing files. Such as IBM QuickFile.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
10/25/2013 | 10:02:14 AM
re: Survey: Majority of Employees Ready to Break BYOD Policies
Companies that continue to ban personal devices at work are foolish. Employees will do whatever it takes to make their lives easier and complete their job faster. And if that means sending a company file to Dropbox or Google Drive and accessing it on their mobile device, so be it. At least with a strong BYOD policy, a financial firm can govern what apps people use, what data is accessed on the devices, and ultimately, secure data access at the device level.
barwellp
50%
50%
barwellp,
User Rank: Apprentice
10/24/2013 | 7:51:55 PM
re: Survey: Majority of Employees Ready to Break BYOD Policies
When you use dropbox you sign over the rights of your companies data to another organaisation who can then do as they please with it. Just like Experian, they could sell it to Vietnamese criminals who are posing as investigators. Organisations need a more secure - corporate alternative to dropbox to enable their workers the same flexibility.

Devices accessing the network,whether corporate or employee owned, should be managed so only corporate approved apps can edit corporate data.
Byurcan
50%
50%
Byurcan,
User Rank: Author
10/24/2013 | 5:41:30 PM
re: Survey: Majority of Employees Ready to Break BYOD Policies
This survey just reinforces why banks need good, practical BYOd policies in place, if they don't already.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.