Use of unprotected personal devices in the workplace continues to put corporate data at risk

07 December 2016

Many workers admitted that they used personal devices such as laptops and USB drives to work with corporate emails and files.

Many workers admitted that they used personal devices such as laptops and USB drives to work with corporate emails and files.

Only 18 per cent of office workers in the UK who use a personal account/device to access work files or emails say the data is always encrypted by their employer, according to new research.

In a recently conducted online survey of 2,053 adults of which 1,090 were employees, YouGov and encryption specialist WinMagic highlighted the risks to corporate data from staff use of unauthorised and inadequately protected devices.  

Forty-two per cent revealed that they use devices not provided by their employer to work with corporate emails and files. These include personal laptops (30 per cent), smartphones (22 per cent) and USB storage drives (17 per cent).  

Fifty-two per cent of respondents also admitted to using personal online accounts, such as Hotmail, Gmail and Dropbox to store or access work files.

However, almost half said that they did not protect all their devices with up to date security software. WinMagic points out that although it is the employee’s responsibility to protect personal devices, employers need to do more to control and protect the way in which corporate data is moved.

Only 18 per cent of respondents said that their employer always encrypted the files accessed through personal devices or stored on personal online accounts.

WinMagic warns that the EU General Data Protection Regulation will apply to UK companies from 2018 that are ‘controllers’ or ‘processors’ of European personal data, regardless of Brexit.  

WinMagic COO says IT habits are "out of control" in the workplace.

WinMagic COO Mark Hickman says IT habits are "out of control" in the workplace.

It says there are stringent rules on the management of personal data and hefty fines for failures that lead to a breach, accidental or otherwise. Personal data will include identifiers such as an account numbers and even IP addresses.

“IT departments need to consider carefully how they strike the balance between giving employees the flexibility they need, and ensuring the security of corporate data,” says Mark Hickman, WinMagic COO. 

“Achieving that requires a combination of software and employee education to help improve personal IT habits that are out of control of the workplace.”

Hickman believes encryption can play a key role here, and remains the “last line of defence” when an online account is breached or a device lost.