Thursday, July 31, 2014 Last update: 6:33 AM - All Company Technology News Since 1996

New Webroot Report Reveals Disparities Between Corporate Mobile Security Policies and BYOD Practice

Companies mentioned in this article: Webroot

BROOMFIELD, Colo., July 10, 2014 /PRNewswire/ -- Webroot, the market leader in cloud-based, real-time internet threat detection, today published a new BYOD Security Report, which uncovers the disparities between IT policies and practices and the employee's concerns and preferences related to Bring Your Own Device (BYOD) and provides suggestions and best practices to reduce the risk to corporate data from employee-owned mobile devices. This report is based on first-of-its-kind research, which examines the use and security of personal mobile devices in the work environment from both the employee and employer perspectives. The initial survey, conducted in late 2013, explored the prevalence of employee-owned devices, how they are being secured, and employee concerns regarding company-mandated security programs. The second survey, conducted in March 2014, looked at how IT managers view the risk of employee-owned devices, the prevalence of formal mobile security policies, and the extent to which employee input is included in developing BYOD policies.

Key findings from the Webroot BYOD Security Report include:

    --  Although 98% of employers have a security policy in place for mobile
        access to corporate data, 21% allow employee access with no security at
    --  Over 60% of IT managers surveyed reported the use of personal devices by
        their employees and 58% indicated they were 'very' or 'extremely'
        concerned about the security risk from this practice.
    --  Most employee devices are lacking real security with only 19% installing
        a full security app and 64% of employees limited to using only the
        security features that came with their devices.
    --  Over 60% of employers indicated they seek employee input on mobile
        device security policies, but over 60% also said employee preference has
        little or no influence on mobile security decisions.
    --  Top concerns from employees regarding a company-mandated security app
        include employer access to personal data, personal data being wiped by
        an employer, and employers tracking the location of the device. Other
        concerns included impact on device performance and battery consumption.
    --  46% of employees using personal devices said they would stop using their
        devices for business purposes if their employer mandated installation of
        a specific security app.

The new "Fixing the Disconnect between Employer and Employee for BYOD" report, based on data collected by Harris Interactive, features perspectives from more than 2,000 working professionals and more than 205 full-time IT professionals in the U.S. who have a major influence on mobile device security decisions. It concluded that while there are many areas of agreement, there are also some striking signs that many employers and employees do not take adequate steps to protect company information, a weakness that could result in critical security breakdowns. There is also evidence that employers may not be working collaboratively enough with employees in deciding how to manage BYOD security. This can create problems given the large number of personal devices being used for work purposes.

"Traditionally, employers could dictate the type of security used on each device, because all devices were company-issued and IT could fully manage them," said Mike Malloy, executive vice president of products and strategy at Webroot. "Today, with so many personal smartphones, tablets, and laptops now being used to access corporate data, the productivity gains and cost-savings for employers are substantial, but IT security policy-makers have to think differently and work more collaboratively with their users to determine security policies and practices that address the concerns of both parties."

Bridging the Gap: Where do employers go from here?
From the results of the employee and employer research surveys, it appears that most disconnects over the use of personal technology to access corporate data can be solved by better communication between both parties over their security, data and privacy concerns.

When it comes to BYOD policies, Webroot recommends:

    --  Employees must have mobile device security, and employers need to ensure
        they install adequate protection and require features like password
        access are always turned on.
    --  Invest in educating employees about the risks associated with mobile
        devices and the benefits of securing devices. An informed user is more
        likely to buy into BYOD security requirements.
    --  Don't mandate security solutions without engaging users first -
        otherwise, employers risk losing productivity from nearly 50% of
    --  Acknowledge the employee's BYOD concerns and personal privacy when
        setting mobile security policy by using a framework such as the "BYOD
        Bill of Rights."
    --  Ensure browser data security breach concerns are answered to the
        organization's satisfaction.
    --  It's great to have policies, but they only work and are respected if
        they are enforced.
    --  Simplify management -letting employees choose different security is time

"We believe if employee concerns about personal privacy are not addressed, or a security app that slows the device or drains the battery is forced upon employees, many will simply stop using their personal devices for work," said Malloy. "These concerns definitely influenced the way we designed Webroot Mobile Security for businesses."

About Webroot
Webroot is the market leader in cloud-based, real-time internet threat detection for consumers, businesses and enterprises. We have revolutionized internet security to protect all the ways users connect online. Webroot delivers real-time advanced internet threat protection to customers through its BrightCloud® security intelligence platform, and its SecureAnywhere(TM) suite of security products for endpoints, mobile devices and corporate networks. Over 7 million consumers, 1.5 million business users and 1.3 million mobile users are protected by Webroot. Market-leading security companies, including Palo Alto Networks, F5, Cisco, RSA, NetCitadel, GateProtect, Microsoft and others choose Webroot to provide advanced Internet threat protection for their products and services. Founded in 1997 and headquartered in Colorado, Webroot is the largest privately held internet security company in the United States - operating globally across North America, Europe and the Asia Pacific region. For more information on our products and services, visit

© 2014 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, Webroot SecureAnywhere and BrightCloud are trademarks or registered trademarks of Webroot Inc. in the United States and other countries. All other trademarks are properties of their respective owners.

Logo -

SOURCE Webroot