Corporate Data Security and the “Bring Your Own Devices” or BYOD company policy certainly do not go hand-in-hand. Tom Kaneshige of CIO-Asia.com talks about a recent survey that tackles just how much employees do not care and this is what exactly makes Chief Information Officers worry. The same survey showed a handful of workers accept that they have no responsibility whatsoever on information stored on their personal devices, particularly data protection. The survey also found that most of the workforce in mid-to-large organizations simply have access to delicate corporate data on unsafe public networks, making the said documents/files of information exposed. This is a startling trend, and CIOs dread seeing the clear disconnect between BYOD risk and reality.
And so, the obvious question is posed:
What should companies do about it?
“It is clear organizations need to continue to educate employees on the dangers and risks of mobile security but also look to solutions that safeguard the devices and applications which these employees have access to,” says Michael Osterman, a principal analyst.
Employee education about BYOD risks is usually the quick and easy answer, but employees learning about security has never been a very effective approach. Most employees flip to the end of the security policy and sign off without giving it much thought. Truth is, security practices just aren't top of mind for employees, especially on a daily basis. Some companies are getting tough, attaching BYOD security compliance to employee performance reviews, compensation and, in rare cases, termination. Maybe these measures, the thinking goes, will get employees' attention
A few CIOs have established policies; a few have yet to do so. The challenges of BYOD and employees’ devices are complicated, hence the need to place concrete, definite and established rules. Extreme cases might feel the need for suspension of privileges, of the employee himself/herself or even termination. Chances are if you lose your device and neglect to report so within 24 hours, you lose your job. But of course, instructing employees beforehand is a must. Compliance and results certainly are achievable but continuous education on data security and devices works well for all. It provides the companies control and avoids irritating employees. And at the same time, it gives workers first-hand information on do’s and don’ts that lead to job security.
Read the Original Article: http://www.cio-asia.com/mgmt/leadership-and-mgmt/cios-face-byod-hard-reality-employees-dont-care/