Risk Assessments/Management, Identity, Distributed Workforce, Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Four in 10 temporary BYOD policies will become permanent

A person wearing a protective mask uses a laptop computer in Bryant Park on March 23, 2021 in New York City. (Photo by Cindy Ord/Getty Images)

During coronavirus lockdown, many organizations hurriedly created temporary bring your own device or bring your own PC policies. The annual Verizon Mobile Security Report found that around four in 10 will remain permanent, even after employees return to the office.

The Verizon report combines technical statistics and thorough polling of staff buying, managing and securing mobile devices – 858 respondents in total. After a strange year, it's one of the most thorough looks at how COVID accelerated and instigated change in work-from-home systems.

"The report says, 'Let's just stop calling it remote work or work from home and just call it work,'" said Verizon Chief Security Evangelist David Grady. "The requirements for securing your employees, no matter where they are, have to continue to evolve, and that means that security organizations need to understand that it's not one size fits all."

In fact, 66% of professionals polled said the term "remote work" would die out within five years.

The report tabulates the share of time spent in remote work almost doubling, from 32% to 62%, a rise that required the massive ad hoc creation of BYOD and BYOPC policies and other security measures. The rush left gaps in policy and hardware. Forty-nine percent of respondents said lockdown weakened mobile security, and some of that weakness might continue even as workers return to the office. Thirty-nine percent of BYOD policies and 42% of BYODPC policies created for COVID-19 will be made permanent, per the report.

Revamping those policies into something secure is only part of the work ahead. Nearly six in 10 companies do not have acceptable use policies for mobile devices, the report noted. Acceptable use policies would cover games, apps and content that companies do not allow users to access from their devices. Enforcement is as big a problem as creating the policy; 45% of respondents that prohibit use of social media know their employees are using it anyway, per the study.

"If you want to be a fun employer and have no controls, and you let them download games onto their company-issued phones, what are the permissions on those apps? Can they get into your clipboard, and into your camera or microphone? We recommend that the acceptable use policy be on par with any other policy in the organization: social media policy, harassment policy or drug use policy," Grady said.

According to Grady, the change in times needs a change in solutions.

"Ninety-seven percent of the respondents said that remote workers are more exposed to risk. And I would just ask them, 'What are their plans to mitigate that?' To me, that's a very big number," he added.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.