More and more companies are banning employees from using their own devices, like personal mobile phones, at work. A study by ISACA, a non-profit global association of over one lakh IT audit, security, risk and governance professionals, has found that nearly half the companies surveyed in India have security policies that prohibit employees' devices at the office. The fear has to do with risk to the company from the leak of valuable information.
According to the global study, India stood first among its global counterparts in prohibiting outside devices, with nearly half (46%) of Indian companies successfully deploying a policy to prohibit the use of personal mobile devices for work. This was followed by Europe (39%), China (30%) and the US (29%).
Moreover, about 47% of Indian companies reported deploying password management controls for employees' devices as a security layer, compared to 44% of companies in China and Europe, and 42% of companies in the US. But fewer Indian companies showed an interest in remote wipe capability (29%) — which allows employers to erase the contents of an employee's personal device as a security measure — compared to counterparts in the US (46%), China (39%) and Europe (37%).
Avinash Kadam, ISACA India Task Force adviser, says: "The survey results are an eye-opener and present an interesting dichotomy from the governance of IT perspective of Indian enterprises, compared to global counterparts. It is always a challenge to retrieve an enterprise's data when an employee who uses a personal device for work purposes, leaves the company. It is imperative to structure a clear policy for BYOD (bring your own devices)." As an agency, however, ISACA advocates an embrace-and-educate approach: Embrace the technology and the value it brings, but ensure ongoing and pro-active education and training on security policies and risks among employees.