BYOD- What do organisations really know-

Welcome to the new 144 cyber warriors who joined us last week. Each week, we'll be sharing insights from the MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA stages.

Keep up with our weekly newsletters on LinkedIn — subscribe here.

This week we’re focused on…

BYOD- What do organisations really know-

The realities of employees using their own devices for work, and whether organisations really understand why, when, and how much their team members are using personal devices.

Research shows organisations don’t know as much as they think

The 2024 State of Cybersecurity Report by Ivanti turned up some interesting findings about ‘bring your own device’ (BYOD) practices.

Perhaps most important is this contradiction:

Security teams said they know when employees use their own devices for work.

But Ivanti’s research showed they don’t.

According to the IT and security experts included in the study, BYOD is practiced at 84% of organisations around the world, in spite of the fact that only 52% actually allow it. Among the organisations that do not allow BYOD, 78% said employees do use their personal devices at work – even if it’s absolutely forbidden in company policy.

Of the organisations that do ‘allow’ BYOD, a third don’t actually explicitly allow it – they just tolerate it or look the other way; and they don’t track it.

This is important, because BYOD poses a relatively high risk to an organisation’s security; with unsecured endpoints that could be exploited by threat actors to gain access to the organisation’s network. The reluctance to ban or track BYOD effectively exists even among security and leadership teams that are aware of the risks.

The office workers included in Ivanti’s research confirm the reality that BYOD is happening far more than most organisations know, with 81% admitting they use a personal device of some kind for work. Half of them are using personal devices to login to work software and networks, and 40% said their employers don’t know they’re doing this.

For employees, the top reasons for using their own devices were:

They prefer the UX of their personal devices.
Their employers don’t provide mobile devices.

Why aren’t these organisations tracking BYOD?

One of the key reasons why a third of the organisations in this survey don’t track BYOD is simply that they don’t have an effective way to do it. Only 63% of organisations in the survey reported having an IT and cybersecurity system that enables them to track BYOD alongside their organisation-owned devices.

And of those that tolerate BYOD and don’t track it, many are reluctant to explicitly ban it – because that drives higher levels of shadow BYOD, when employees use personal devices without the knowledge of their employer.

What’s the solution?

According to Ivanti’s researchers, it’s essential that organisations achieve better visibility and control over BYOD in order to minimise the risks.

Unified endpoint management (UEM) could be the key to unlocking this visibility, if it includes features that enable an employer to manage personal devices as well as IT assets belonging to the organisation. UEM systems can enable organisations to:

Set system access protocols, such as allowing the minimum necessary network access to employees using personal devices.
Enforce strong passwords.
Implement software updates.
Apply force lock-out and purge features if a breach is identified or suspected.

UEM solutions also allow organisations to partition employee-owned devices, to separate personal data from work data – which means if they do have to purge work data from a device, they can do this without affecting personal data.

We want to know what you think

Is it possible to have full visibility and control over BYOD practices? Open this newsletter on LinkedIn and tell us what you think in the comment section. We’ll see you there – and we might reach out to feature your comments in a future BHMEA newsletter.

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 25 December 2024.

Catch you next week,Steve DurningExhibition Director

Join us at MEA 2025 to grow your network, expand your knowledge, and build your business.

你可能想看：

Article 2 of the Cryptography Law clearly defines the term 'cryptography', which does not include commonly known terms such as 'bank card password', 'login password', as well as facial recognition, fi

APP Illegal Trend： Interpreting the 'Identification Method for Illegal and Unauthorized Collection and Use of Personal Information by APPs'

d) Adopt identification technologies such as passwords, password technologies, biometric technologies, and combinations of two or more to identify users, and at least one identification technology sho

In today's rapidly developing digital economy, data has become an important engine driving social progress and enterprise development. From being initially regarded as part of intangible assets to now

Five ways to safeguard your brand after your organisation gets hacked

Announcement regarding the addition of 7 units as technical support units for the Ministry of Industry and Information Technology's mobile Internet APP product security vulnerability database

Analysis of Windows spyware, will you still easily download Windows crack software？

As announced today, Glupteba is a multi-component botnet targeting Windows computers. Google has taken action to disrupt the operation of Glupteba, and we believe this action will have a significant i

Knowledge Point 5： Bypass CDN through Space Engine & Use Tools for Global CDN Bypass Scanning