| August 19, 2015
August 19, 2015
Shadow BYOD: The mobility program you thought you didn’t have
While the federal government might be under the impression that it doesn’t have a BYOD program, it is overlooking a key issue: Shadow BYOD.
Shadow BYOD is very similar to Shadow IT, in which employees use technologies -- usually to enhance their productivity -- that the IT department has not sanctioned or deployed. In Shadow BYOD’s case, it’s the issue of unmanaged personal devices connecting to the network and accessing government or corporate data.
This is a real problem for the federal government, according to a report from Lookout, which shows that the lack of a formal BYOD program puts sensitive data at risk because employees are getting around the rules and using their devices anyway.
According to the survey of 1,000 federal employees included in the report, 50 percent of federal employees access work email from their personal device, and another 49 percent use their personal device for downloading work documents. Twenty-four percent actually send work documents to personal email accounts.
Your agency doesn’t allow personal mobile devices at work, though, right? Turns out 40 percent of employees at agencies with rules prohibiting personal smartphone use at work say the rules have little to no impact on their behavior.
Like with Shadow IT, this may be because people are often trying to find the best ways to do their jobs.
As we saw earlier this year, even Secretary Clinton reportedly used her personal email for State Department work. Federal employees are using personal technology whether a BYOD program is in place or not. As the government evaluates its cybersecurity posture, it must also take into account the increasing role mobile plays in today’s workplace and assess how to better protect the sensitive data accessed by federal employees’ devices.
Especially because those devices are not always protected. Nearly half (49 percent) of federal employees use no security app or solution on the mobile devices they use at or bring to work. Thirteen percent of them use these unsecured devices for reading or downloading work-related documents.
As the government attempts to harden itself against cyberattack, it must consider all of the entry points into its systems, including the BYOD programs that may be hiding outside the IT department’s purview. To ignore mobile is to both leave a gaping hole in your organization’s cyber-defense plan and to leave unacknowledged a piece of technology that clearly employees find valuable to their productivity.
Check out the full report here