A survey by Kaspersky Labs indicates that only one in ten employees are serious about keeping work information safe on their personal devices. Given that almost half of respondents indicated that they use their personal devices for work, this significantly extends the threat horizon for organisations.
The survey reveals that:
- 36% of respondents store work files on personal devices
- 34% store work-related email messages on personal devices
- 18% store passwords to corporate email accounts
- 11% store passwords to corporate networks or VPNs
Although the survey highlights the dangers of using bring-your-own-device (BYOD) models, the team at Kaspersky acknowledge the importance of BYOD and the benefits it brings to businesses.
They recommend that BYOD integration be regarded as a specific project, where every last detail of the integration process is designed beforehand. Ideally, this project should also include an infrastructure audit, a design stage and a pilot implementation.
The integration of BYOD into the IT infrastructure must be implemented responsibly by skilled professionals, and a robust approach must be developed to deal with personal devices that are lost or stolen, or that belong to an employee who leaves the company.
BYOD is just another fundamental element of developing a comprehensive cyber risk strategy. Owing to the constantly changing nature of cyber threats, a cyber risk assessment should pre-empt potential risks and help build strategic defences to ensure the organisation is secure – not only inside but also outside its usual physical boundaries.
ISO 27032 provides a framework for improving cyber security and offers guidelines for implementing controls to defend against cyber threats.
vsRisk™, the definitive cyber security risk assessment tool, includes the control set from ISO 27032 to help organisations select appropriate measures for bolstering their cyber security defences. In addition to ISO 27032, vsRisk also includes six other control sets, including ISO 27001 and NIST SP 800-53.