New Webroot Survey Reveals Company and Employee Disconnect on BYOD Security Policies

Unsecured Personal Devices Far Outnumber Company-Managed Devices, Creating a Potential IT Security Gap

BROOMFIELD, CO - May 21, 2014

A new Webroot Mobile BYOD Survey details the security perspective of consumers who use their personal mobile devices for work purposes. Conducted by Webroot, the market leader in cloud-based, real-time internet threat detection, the study indicates that many employees do not take adequate steps to protect company information, a weakness that could result in critical security breakdowns. The study also provides a BYOD Bill of Rights guideline to bridge the gap between employees’ preferences and the security requirements of their organizations.

Key findings from the Webroot Mobile BYOD Study include:

  • More than twice as many workers report using personal devices than those using devices issued by their employers, indicating a potential IT security gap
  • 60% of those using a mobile device for business have either no security or just the default features set on the phone
  • Nearly half say they would stop using their device(s) for work altogether if corporate policy required that they install a security app on personal devices used for work purposes
  • Employers being able to access employees’ personal data emerged as the top worry, with a majority describing themselves as either extremely concerned or very concerned about this
  • 73% agree that employees should have some influence on software or security installed on personal devices used for work

The new survey, based on data collected by Harris Interactive, features perspective from more than 2,000 working professionals in the U.S. It concluded that while 62 percent of employees would be receptive to security software on personal devices, these requirements would need to be communicated clearly by their employer. While allowing such devices to access company data provides real business benefits, it can also expose businesses to higher risk of security threats, including phishing attacks, malware, and browser hijacking.

“Companies gain a lot in terms of increased productivity and lower expenses by allowing their employees to use personal devices to access corporate data, but it can create a real challenge for the IT department to secure devices they do not control,” said Mike Malloy, executive vice president of products and strategy at Webroot. “We believe a good mobile security app is a critical part of the solution, but the company must work with its employees by proactively communicating and making them part of the security process to get compliance.”

What can organizations do?

The BYOD Bill of Rights was created as a guideline to bridge the gap between employees’ preferences and the needs of the organization. All professionals should have the following rights regarding their personal devices:

Employees have the right to:

  1. Privacy over their personal information
  2. Be included in decisions that impact their personal device and data
  3. Choose whether or not to use their personal device for work
  4. Stop using their personal device for work at any time
  5. Back up their personal data in the case of a remote wipe
  6. Operate a device that is unencumbered by security apps that significantly degrade speed and battery life
  7. Be informed about any device infections, remediation or other activity that might affect device performance or privacy
  8. Download safe apps on their personal device

“We believe a structure such as the BYOD Bill of Rights can be very helpful in creating an open dialog between organizations and the individuals using personal devices and creating security policies that acknowledge the needs of both parties,” said Malloy.

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.