Millennials pose greatest BYOD risk

Millennials prove to be a greater data security risk compared to other age groups, says Absolute Software Corp., following a recent study.

However, many small business owners believe BYOD (bring-your-own-device) poses no threat to their company and have no interest in spending on mobile device security—while employees themselves think security is the responsibility of the business.

Meanwhile, a separate study by Kaspersky Lab found that two-thirds (62%) of business owners and employees now use personal mobile devices for work, indicating that BYOD is no longer a developing trend, but a widely accepted business practice. It affects companies of all sizes, the study says.

Generation risk

Absolute Software’s report demonstrates clear differences in generational behavior and associated risks related to data security:

• Yours, mine, ours. 64% of millennials use their employer-owned device for personal use, as opposed to 37% of baby boomers. (Overall, 52% of respondents use their employer-owned devices for personal use.)

• Millennials modify, boomers stand pat. 35% of millennials modify their default settings, compared to 8% of baby boomers. (Overall, 21% of respondents have modified the default settings on their work devices.)

• “What boundaries?” 27% of millennials access "Not Safe For Work" content, compared with only 5% of baby boomers.

• “Oops!” 25% of millennials believe they compromise IT security, compared with only 5% of baby boomers. (Overall, 14% of all respondents believe their behavior compromises the security of their organization.)

In the Kaspersky study, attitudes towards protecting the information security of these devices often leave much to be desired. The security firm found that 92% of respondents say that they keep sensitive corporate data on smartphones and tablets which they use for both work and personal activities. In addition, 60% are concerned about the threat of surveillance and information theft via mobile devices. Yet they do not actively protect themselves and rely on their employers to do so.

One in three firms clueless

As for employers and small business owners, a third (32%) of those surveyed do not see a danger to their business in staff using personal mobile devices for work. The risk of data theft from an employee’s mobile device is not a pressing concern for them, so they do not pay much attention to it. However, representatives of larger businesses are more concerned about employees losing their mobile devices: 58% fear that the theft or loss of a device could damage the company.

Representatives of smaller businesses, who tend to be less interested in specific protection for mobile devices, believe that the basic security tools offered within free solutions should be sufficient. They don’t see any added value in spending extra money on dedicated solutions. More than 80% of respondents were not interested in information about managing the information security of mobile devices.

Perils of tech security ignorance

This attitude—on the part of both device owners and their bosses—opens up a serious vulnerability for a corporate network. This weakness can potentially be exploited by cybercriminals as well as by unscrupulous competitors. There is always a chance of suffering financial losses (e.g. from a loss of client base), even if the general feeling is that a lost mobile device cannot cause any damage to the company.

Moreover, according to Kaspersky Lab statistics, one in five Android users encountered a mobile threat in 2014; and 53% of such attacks were bank and SMS Trojans. Protection of the mobile environment is becoming a critical component of security.

Download Absolute’s U.S. Mobile Security Device Survey Report