Should CIOs use a carrot or a stick to rein in BYOD workers?

Tom Kaneshige

Like the sword of Damocles, the CIO's hand on the mobile kill switch hangs over employees and their BYOD smartphones and tablets. If employees do not adhere to the company's security policy, then their personally bought phones may suffer a terrible fate. To comply or not to comply, that is the BYOD question.

Conversely, CIOs can lead BYOD employees to greener security pastures by dangling a stipend in front of them — that is, the promise of a monthly payment that offsets the cost of the phone bill in return for following the company's mobile device policy.

Whether using the stick or the carrot, CIOs must find a way to get BYOD employees to care about security. Mobile security provider AdaptiveMobile surveyed 500 companies (and employees), with 80 percent supporting BYOD, and found that half of all companies experienced a breach within the last 12 months. One company in the study lost $80,000 when its financial database was hacked last year via a mobile device.

A Centrify survey of more than 500 employees at mid-to-large companies showed that 43 percent have accessed sensitive corporate data while on an unsecured public network, 15 percent have had their personal account or password compromised, and 15 percent say they have no to minimal responsibility to protect data stored on their personal devices.

Why IT Sometimes Goes to Extremes
Some CIOs have taken drastic measures to combat the problem. In an extreme case, employees can be fired for not complying with BYOD security policies. More than 60 percent of companies in the AdaptiveMobile survey said they have kill switch and lock device capabilities that most employees aren't aware of.

Now companies want to bring awareness to the kill switch, in hopes of making employees more responsible when using BYOD, according to the AdaptiveMobile survey.

The smartphone kill switch is making news lately. Wireless industry group CTIA announced a partnership between major smartphone makers and wireless carriers to enable kill-switch functionality, a measure aimed to thwart smartphone theft. At the heart of the partnership, a provision blocks factory reset capabilities and makes stolen devices useless after a certain number of failed password attempts.

Many BYOD policies grant CIOs similar powers, such as locking devices and remotely wiping apps and data. BYOD employees often mindlessly hand over these rights. The security policy usually shows up as a wordy single page in small print with a "click to accept terms" button at the bottom, which online employees are accustomed to scroll down and click.

"Companies already have more control and visibility than people realize as shown in our research, from monitoring apps installed through to potentially locking or resetting a device," says Gareth Maclachlan, chief commercial officer and co-founder at AdaptiveMobile.

1  2  Next Page