The increasing prevalence of BYOD (Bring Your Own Device) amongst SME staff in Singapore is causing a headache for IT admins, who feel they are ill-prepared to deal with growing security issues associated with the trend, according to the results of a study conducted by SolarWinds.
These results are part of a wide-ranging survey of 150 IT decision makers at Singapore SMEs (65 from SMEs with under 50 staff, and 85 from SMEs with over 50 staff), across a range of industries, conducted in September to gauge how BYOD is impacting the SME sector.
Almost half of those polled (47 percent) place the security and safety of mobile devices solely in the hands of their staff, with only 16 per cent providing staff with some assistance in securing their device, such as installing anti-virus or anti-spam programs.
Despite the fact that over 70 percent of respondents agreed that mobile devices pose the biggest risk to network security, and almost the same amount (67 percent) admitted to heightened concerns because their employees used their own devices rather than company supplied devices for work, only half of all those surveyed said that they had developed an IT security plan for their business.
The most common issue faced by those charged with managing and securing employees’ personal mobile devices within their network was the inability to rapidly identify, quarantine and mitigate threats, with 35 per cent citing this as a problem.
Other BYOD issues included the visibility (or lack thereof) of corporate devices on the network, viral attachments, and even uncooperative employees, with 27 percent highlighting this as a roadblock to mobile security.
“Given that more than a third of all SMEs surveyed (35 percent) have all of their staff using their own mobile devices for work, the lack of assistance provided to staff to secure those devices poses a significant risk for organisations of this size,” said Sanjay Castelino, VP and market leader, SolarWinds. “In fact, around 10 per cent of the respondents reported that their employees’ mobile devices have already threatened the security of their organisation.”
Surprisingly, this figure was skewed upwards by larger organisations that would be expected to have more defined security policies and procedures in place than their smaller counterparts, with 15 percent of those in businesses of 50 or more staff reporting a previous threat to security, but just three percent from those with less than 50 staff.
Additionally, almost a third of those who had implemented a mobile security solution (31 percent) only did so in response to a threat, rather than to mitigate against potential threats.
To contextualise the scale of the problem, in Singapore, an SME is defined as having an annual sales turnover of not more than S$100 million (US$80 million) or not more than 200 staff. This represents 99.3 percent of all businesses in Singapore.
The most common user behaviours on mobile devices which threaten the security of the Singapore SMEs surveyed include:
· Loss of handsets
· Unsecured sharing of company files/data
· Use of unsecured WiFi
· Creating passwords which are too easy to crack
· Not using a VPN and visiting phishing or malware sites
“These issues have been largely experienced in the enterprise or larger business end of town, but today’s results show that Singaporean SMEs are just as exposed. The survey results demonstrate a real disparity between the recognition of the potential problems posed by BYOD and the level of activity around addressing those issues,” said Castelino. “Singapore SMEs need to take a more hands-on approach in managing their employees’ mobile devices which access their corporate network.”