BYOD Security Risks See Popularity of Schemes Fall

Many hailed BYOD as the answer to hospital communication problems, and while the schemes have proved highly popular, many now see the BYOD security risks as being too problematic to allow the true potential of smartphones to be realized. An increasing number believe that BYOD really stands for Bring Your Own Doom.

However, physicians and nurses love the convenience of smartphones and the rapid communication they allow. Remote workers, field staff, and mobile healthcare staff also require a quick and easy communication system. IT staff are less keen, due to the difficulty – or impossibility – of controlling what users do with the devices they connect to the network.

A recent survey conducted by CompTIA, a non-profit IT trade association, suggests that the BYOD security risks now outweigh the advantages that Bring Your Own Device schemes offer. Hackers are targeting companies for the data they hold, to sell to criminals, use for identity fraud, find out company secrets, and sabotage systems.

The problem of controlling hundreds, if not thousands, of devices that are used not only for work but also for personal communications, internet access, downloading, and sharing is seen as too difficult. The apps that are used for personal reasons would not be used (most of the time) to communicate PHI, but their security flaws could allow hackers to gain access to the devices, the data stored on them, and the network the devices connect to.

BYOD Security Risks too Difficult to Mitigate?

Over half of IT professionals (53%) said they now have a “no BYOD” policy, and the use of personal mobile devices at work is banned. Instead, the companies have chosen to purchase the mobile devices required, and distribute them to the staff.

Full BYOD policies are proving the least popular. 58% had a full BYOD policy in 2013, 50% in 2014, and this year the figure stands at 40%. A “full BYOD” policy means that all devices used at work were supplied by the staff, if they wanted to use them.

40% of IT professionals operate a “partial BYOD” policy. Certain personal mobile devices are permitted to be used to access work systems; however, some mobile devices are provided by the company to key members of staff.

No BYOD policies are now more popular, rising from 34% in 2013 to 45% in 2014, and this year 53% operate a no BYOD policy.

It’s not Quite the Death of BYOD

CompTIA senior vice president for research and market intelligence, Tim Herbert, said “It’s not quite the death of BYOD, but there does seem to be a decrease in the use of BYOD in enterprises.” The report issued on the survey results highlights the changes in BYOD scheme popularity. Herbert said, “There is a clear move towards a policy of no BYOD.”

One issue that is avoided with BYOD is that healthcare workers would not have to carry two devices; however, in reality this may not be that big a deal. Employees just don’t want to use a phone they do not like. Herbert says “[employees] are often happy to take a corporate device if it is the same thing they would choose on their own.”

The BYOD security risks are numerous, but the banning of personal mobile devices is not workable in practice. Herbert says, “Ambitious employees will find ways to utilize personal devices and applications even if they are forbidden.”

The survey was not conducted specifically on the healthcare industry, but on IT professionals employed in numerous U.S. industries. The survey was conducted during April and May of this year. CompTIA analyzed the results of the 375 completed surveys received.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news