87% of businesses feel that employees using their personal devices for work is making security more challenging, but many do not consider this challenge to be as high a priority as other security concerns. These results are from a new study from F-Secure that surveyed 1780 professionals working in European companies about their security practices, which uncovered some staggering gaps in the way businesses approach security.
The study found that many businesses have a general sense of a need for reliable security, but are often unable to connect that need with specific kinds of protection. For example, 92% agreed that managing security would become more of a priority in the next 12 months, while 87% agreed that the bring-your-own-device trend (BYOD) is making security more challenging and only a third (36%) had a mobile device management solution in place to help them manage BYOD security risks.
This problem was particularly pronounced in businesses with 25-199 employees, which lagged behind larger enterprises in protecting BYOD fleets and mobile devices in general.
Specific gaps in this segment’s security include:
- Only 29% had a mobile device management solution, compared to the sample’s average of 36%.
- Only 29% provided mobile security for phones and tablets, compared to the sample’s average of 37%.
- Only 41% used VPNs, compared to the sample’s average of 50%.
- The segment ranked ensuring smooth IT operations; antivirus/malware protection, and protecting against inbound cyberattacks aimed at stealing financial information, intellectual property and employee or customer data as current higher priorities than securing a diverse range of devices or mobile security in general.
France more concerned about BYOD, but less active than the UK and Germany
There were also significant differences in how different countries implement these security measures. For example, while French respondents ranked securing a diverse range of devices and protecting against inbound cyberattacks aimed at stealing employee or customer data as their top priorities, only 28% of French respondents currently had a mobile device management solution in place. French respondents also ranked securing a diverse range of devices as less of a priority in the future.
On the other hand, 43% of British respondents already had a mobile device management solution. This was in spite of the fact that British respondents ranked securing a diverse range of devices eighth out of a possible sixteen different current security priorities, and ninth out of a possible sixteen future security priorities. The study also gave insights into how some other European countries and regions compared with one another:
- 42% of German companies had a mobile security solution in place, compared to 40 per cent of British and Nordic companies and just 30 per cent of French and Polish companies.
- 43% of British companies had a mobile device management solution, compared to 39% of Polish companies, 37% of German companies, 34% of Nordic companies and just 28% of French companies.
- 58% of German companies used VPNs, compared to 51% of British companies, 49% of Nordic companies, 46% of Polish companies and just 44% of French companies.
According to Jarno Niemela, F-Secure’s security researcher, a failure to address the unique security needs of BYOD fleets represents a serious security gap in endpoint security that could expose companies to the very problems they’re trying to avoid.
“De-prioritising endpoint security, such as by neglecting the security needs of BYOD fleets, essentially avoids dealing with the risks caused by lax security policies and leaves companies open to the incidents they want to avoid,” said Niemela. “Would you run a company PC that has access to email without endpoint security? Of course not. So why give insecure BYOD devices access to email or other company assets?”