Despite the freewheeling autononmy implied by the "bring your own device" movement, companies that embrace the consumerization of IT still have policies in place to govern the management and security of those devices. According to a new survey from Fortinet, though, a majority of younger employees are more than willing to ignore those policies if they don’t agree with them.
Fortinet surveyed 3,200 individuals between the ages of 21 and 32 in 20 countries. The respondents were all college graduates, employed full-time, who own their own smartphone, tablet, and/or laptop.
Fortinet’s survey found that a majority—51 percent of those surveyed—reported they would bypass or circumvent company policies that restrict the use of personal technology, cloud storage, or wearable technology for work.
The pervasive attitude of younger workers illustrates one of the prevailing forces driving BYOD. Basically, companies were left with a choice of embracing and managing BYOD, or having users simply break the rules and do it anyway.
John Maddison, vice president of marketing for Fortinet, says the survey also has a silver lining. “On the positive side, however, 88 percent of the respondents accept that they have an obligation to understand the security risks posed by using their own devices," he says. "Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organization’s IT security.”
Still, Fortinet found a majority of those surveyed are not educated about current threats like APTs (advanced persistent threats), botnets, or pharming attacks, so there is some work to be done by IT admins to make sure users know what they’re up against.
First, educate users about current and emerging threats so they understand the risks. Make sure they know basic security best practices to protect their device and the company data and resources they've been trusted with.
Second, and arguably more important, IT admins can't simply ignore or ban new services. If users are adopting unauthorized tools and technologies, it's generally to fill a void that existing devices and services just aren't addressing. Work with users to understand the business value of the tools they're embracing, and either find a way to allow those tools to be used in a way that's compliant with company policies, or find a suitable, company-sanctioned alternative that meets the same need.