A quarter of UK manufacturing companies are putting their IT systems at risk by allowing employees to use their own personal devices at work but not having a formal bring-your-own-device (BYOD) policy in place, according to research carried out by cloud computing specialist Intrinsic Technology.
Half of all the businesses surveyed allow workers to use their own devices on the company network, but only half of those businesses have a secuity policy in place, meaning for the other half there is a huge risk to their IT security.
An illustrative case in point is Vodafone Germany, where a hacker reportedly stole data containing two million customers’ details.
“This attack could only be carried out with high criminal intent and insider knowledge and was launched deep inside the IT infrastructure of the company,” said the operator.
“Manufacturers are seeing the benefits of allowing employees to use their own devices, with increased productivity and cost reduction both appealing. However, if security isn’t formalised then businesses are playing a dangerous game,” says Steve Browell, CTO at Intrinsic Technology.
Formal BYOD policies broadly cover security and correct usage. A policy might provide scenarios such as what happens to devices and data when employees leave the company. Staff could quite easily take sensitive data when they move on unless strict rules are in place.
Policies can also set out what technology measurements need be in place, such as remote data wiping services and agreements, in the event of loss or theft.
Internal IT departments have much less control over employee-owned devices, so cannot guarantee they have the latest security measures installed.
“Employee-owned devices are more likely to be exposed to malware and viruses outside work hours, which can then in turn access the corporate network and infect critical information,” Browell says.
“They also contain corporate information which is not always adequately protected leading to data loss in the event of theft or loss. ”
Intrinsic Technology surveyed CIOs from manufacturing organisations with over 1000 employees.
Intrinsic says the mobile revolution is gaining momentum, with the research also revealing that 40 per cent of manufacturing CIOs believe that buying desktops will become obsolete within four years. The company is calling on firms to prioritise security and strong governance when sanctioning BYOD.
“Manufacturers shouldn’t shy away from reaping the rewards of employees using their own devices, but security must come first. A well-designed BYOD policy, and a clearly articulated guide on how own devices should be used, can limit the risks and put the power back in the hands of the company,” Browell concludes.