A quarter of larger organisations allow employees to use personal devices without a security policy in place, risking data governance and privacy
A quarter (25%) of UK retailers are allowing employees to use personal devices on company networks without any formal policies in place, posing a huge risk to their IT security.
The results come from research carried out by managed services and cloud computing specialist Intrinsic Technology
, which surveyed chief information officers (CIOs) of retailers with over 1,000 employees.
Half (50%) allowed staff to use personal devices at work, yet just 25% had a formal bring-your-own-device (BYOD) policy in place, governing the likes of security and correct usage.
Steve Browell, chief technology officer (CTO) at Intrinsic Technology, said: "Retailers are seeing the benefits of allowing employees to use their own devices, with increased productivity and cost reduction both appealing. However, if security isn't formalised then businesses are playing a dangerous game.
Mixing out-of-hours and corporate data
"Internal IT departments have much less control over employee-owned devices, so cannot guarantee they have the latest security measures installed. Employee-owned devices are more likely to be exposed to malware and viruses outside work hours, which can then in turn access the corporate network and infect critical information. They also contain corporate information, which is not always adequately protected leading to data loss if the device is lost or stolen."
Formal BYOD policies also cover scenarios such as what happens to devices and data when employees leave the company. Browell added that staff could quite easily take sensitive data when they move on unless strict rules are in place. These policies can also protect against the dangers associated with device loss through remote data wiping services and agreements.
Desktop obsolescence prediction
The mobile revolution is gaining momentum, with the research also revealing that 40% of retail CIOs believe that buying desktops will become obsolete within four years. However, Intrinsic is calling on firms to prioritise security and strong governance when sanctioning BYOD.
Browell continued: "Retailers shouldn't shy away from reaping the rewards of employees using their own devices, but security must come first. A well-designed BYOD policy, and a clearly articulated guide on how own devices should be used, can limit the risks and put the power back in the hands of the company."