Identity crisis: TFL’s lost and found highlights the risk of BYOD

Mobile phones topped the list at a staggering 23,453, laptops followed in second place at 1,155, after that it was tablets (1082). eReaders, Amazon Echo’s and drones made up the rest of the numbers.

According to the think tank, this information should raise serious concerns for business leaders in regards to data security, as the risk behind these figures becomes evident when it’s considered alongside the rise of BYOD.

>See also: 5 ways remote access will transform everything in 2018

BYOD stands for “Bring Your Own Device“, this entails allowing staff to bring their own devices to work. Companies have primarily tended to adopt this model to save money, by way of eliminating the need to buy employees devices themselves. The rise in remote working has also contributed to the surge in BYOD. According to research from 2017, more than 67% of workers now use their own devices.

While the benefits of BYOD infrastructure is alluring, taking into account the reductions it can bring in IT spend, the disadvantages are rather serious.

Robert Coleman, UK&I CTO of CA Technologies, said: “The security threat posed by lost and stolen devices has increased dramatically. Apps without strong security protection can be an easy route into a goldmine of corporate data.”

>See also: Woody & Kleiny: Security, privacy and the next-gen workforce

This is an important point, especially in the post-GDPR world we live in, as lost data is no longer just a reputational issue: it’s a compliance one. If a CTO is under the impression that the employee is responsible for the data on their own device they are wrong. According to ICO: “The data controller must remain in control of the personal data for which he is responsible, regardless of the ownership of the device used to carry out the processing.”

Coleman added: “Nobody can prevent mobiles and tablets from being misplaced, but companies can ensure that the applications which reside on these devices are only accessible by the correct privileged users so that fraudsters cannot exploit them as a backdoor into the business.”

In their report, Parliament Street issued three recommendations for business leaders:

  1. Implement an identity verification strategy for every employee
  2. Increase security verification training for all members of staff
  3. Scrap trust as a strategy

Avatar photo

Andrew Ross

As a reporter with Information Age, Andrew Ross writes articles for technology leaders; helping them manage business critical issues both for today and in the future