On the web you can find regular discussions about how people used to live without mobile phones. Somehow people lived without them until quite recently, but now it seems unimaginable. Discussions of the like are seldom very relevant, but smartphones and other mobile devices have undoubtedly become truly ubiquitous. Now they are not just means of communication, but working tools too, and very convenient ones from the point of view of employees. Though these tools are often the causes for headaches for system administrators with the BYOD concept enacted.
We listed the basic and typical risks of the BYOD concept in the spring (1, 2). Those articles frequently mentioned that a lost personal device with unprotected corporate data stored on it is a “typical nightmare” for IT departments. The reason for this is quite simple: the chance of losing things is too high and too unpredictable.
All mobile devices (laptops, tablets and smartphones) are easily lost, especially when they’re smaller. Laptops are left on public transportation, in railway stations and in airports; tablets can be easily concealed under a menu in a restaurant and vanish into thin air; smartphones are picked from pockets or are taken by aggressive petty criminals.
No one knows when and where it may happen, and even the most frugal and attentive people are unlikely to boast about never having lost anything in their lives. The matter should instead be about the measures that can be taken to reduce the negative effects of losing a device.
Data taken from a recent study on the main user risks by B2B International and Kaspersky Lab depict quite a miserable picture.
About 14% of respondents mentioned their devices having been lost, stolen or damaged beyond repair. The most unfortunate are men under 35 years old (24% of respondents represent this group) followed by women under 35 (17%), and then men and women over 35 (10% and 8% respectively).
Meanwhile, 29% of tablet owners and 20% of smartphone owners use their personal devices for storing corporate data and working on them, and one in ten mobile device owners store passwords and PIN-codes on their devices. We wrote more on this in late September.
Apparently, very few people actually care about losing their gadgets and aren’t enabling remote device locking, suspending the cost plan for the lost device, changing passwords for accounts, launching device detection if available, or remotely restoring the factory settings (to delete all user data on the device). The cases when users remotely activate cameras to take pictures of the “new owner” of the device are the rarest, and such events are real newsbreaks.
It is difficult to justify such negligence. The likely reasons are relatively cheap devices and the fact that the police would not to want to spend the time and resources on tracking a lost gadget (unless the deprivation was supplemented with excessive violence, of course). Therefore, users are unruffled about their losses: things come and go.
But if there is critical information or corporate network access data on a mobile device, losing it could become a very serious problem. That’s exactly why, when adopting the BYOD concept in a company, it is necessary to secure data from falling into the wrong hands by encrypting it, isolating work files from personal ones, and providing the means to remotely delete everything. These methods have long been developed and implemented in enterprise security solutions such as Kaspersky Endpoint Security for Business or Kaspersky Security for mobile devices, for example.
Unfortunately, surveys show that just one out of eight companies fully implements the mobile device security policies. Although it seems clear that BYOD is going to be adopted everywhere in the near future, bringing problems along with it.