With the General Data Protection Regulation (GDPR) just around the corner, The Executive Magazine explores a cyber security risk that hasn’t been given enough attention in the press – despite its strong links to an increasingly popular policy in the digital world.
Unless you’ve been completely off the radar in recent months – and have no contact whatsoever with your company’s IT and marketing department – you will have certainly heard of the GDPR which, after much anticipation, is finally set to come into force tomorrow.
But are companies truly prepared for what will no doubt be a seismic shift in the way we manage data and safeguard the cyber resilience of our corporate technology?
With just a day until the new law hits the UK, new research has uncovered a staggering find: there is considerable correlation between ‘bring your own device’ (BYOD) schemes and a higher cyber security risk in small businesses.
Six in 10 SMEs – from a sample of over 500 business owners – reported having experienced a cyber security incident since rolling out a BYOD policy, with this figure ballooning to almost 95% when considering organisations of up to 250 staff.
In a nutshell, BYOD schemes mean employees also use personal devices such as laptops, tablets and smartphones for work rather than just their general day-to-day activities. Many companies vouch for it due to its alleged productivity and cost savings, and the policy has been making significant inroads in the business world in the UK and beyond.
While research is divided, some firms claim BYOD helps staff feel more productive, increases morale, and is generally more convenient – as well as making the organisation look like a more flexible and attractive employer. However, while allowing employees to work anywhere, at any time, can be commercially beneficial, it brings about considerable risk when it comes to security.
The recent research, from merchant services provider Paymentsense, revealed that these schemes are prevalent across small businesses, with larger SMEs being more likely to roll them out. While for microbusinesses the rate of adoption stands at 40%, businesses of up to 100 people reported a rate of 51%, while those of up to 250 claimed almost 70% of staff bring their own devices.
Of particular concern was the correlation between this boom in popularity and cyber security: as BYOD becomes more prevalent, so do cyber-attacks. Just one in seven (14%) microbusinesses reported a cyber security incident since rolling out BYOD, while those of up to 500 employees recorded a 70% rate – which then rose to a whopping 94% across companies of up to 250 staff.
The most common incident was malware, which affected two-thirds of SMEs. Next were viruses, distributed denial of service, data theft and phishing.
“Although our study shows the popularity of BYOD amongst small businesses, it’s alarming to see so many reporting incidents since implementing these schemes,” said Chafic Badr, head of digital at Paymentsense.
“As with all cyber security issues, the biggest factor is the human one – employees need to be aware of their responsibilities and the risks associated with a BYOD system. This is particularly important when you consider personal data responsibilities in the post-GDPR landscape.
“Business owners should create concise guidelines to help staff use best security practices in their daily activities – both within the office and outside. It’s also worth remembering that when mobile device users are away from work, susceptibility to threats such as phishing tends to increase.”
To make sure your company is ready for the big regulation changes tomorrow, visit the Information Commissioner’s Office website for extensive guidance.