byod survey

Transcript byod survey

Workplace Technology

Prepared for © Harris Interactive April 2013 1

Methodology Questionnaire Design Flow Executive Summary Detailed Findings Appendix © Harris Interactive

© Harris

3 4 6 9 44

Methodology • • • • – – The research was conducted via self-administered online surveys within the United States by Harris Interactive between February 20 - 28, 2013. Two audiences were targeted: Information Technology Decision Makers (“ITDMs”): n=250 Full-time employed mobile device (smartphone and/or tablet) users (“USERs”): n=1,001 Among ITDMs figures for business size (in number of employees) were weighted to bring them into line with the population of business sizes across the US.

Among USERs, figures for education, age by gender, race/ethnicity, region, and household income were weighted where necessary to bring them into line with the population of US residents who own a cell phone or smart phone. For the online sample, our weighting algorithm also included a propensity score which allows us to adjust for propensity to be online. For the phone sample, our weighting also included variables to account for the probability of selection.

All sample surveys and polls, whether or not they use probability sampling, are subject to multiple sources of error which are most often not possible to quantify or estimate, including sampling error, coverage error, error associated with non-response, error associated with question wording and response options, and post-survey weighting and adjustments. Therefore, Harris Interactive avoids the words "margin of error" as they are misleading. All that can be calculated are different possible sampling errors with different probabilities for pure, unweighted, random samples with 100% response rates. These are only theoretical because no published polls come close to this ideal.

USERs: Questionnaire Design Flow

Screener BYOD Familiarity & Usage Company Policies & Security

Questions to screen for full time employed respondents who own and use smartphones or tablets.

   Familiarity and definition of BYOD Frequency of access of work-related information and applications via mobile devices Types of information and applications accessed     Formal company policy Reimbursement policy Device security on and off BYOD Steps taken to protect device, self and employer

BYOD Attitudes

    Responsibility of mobile device security and data recovery Benefits of BYOD Security and recovery responsibility Risks of BYOD 4

ITDMs: Questionnaire Design Flow

Screener

Questions to screen for employees with oversight or decision making authority in IT/Technology systems

BYOD Familiarity & Usage Company Policies & Security

    Familiarity and definition of BYOD Proportion and awareness of employees engaging in BYOD Awareness of employees engaging in Types of information and applications accessed

BYOD Attitudes

      Formal company policy    BYOD policy details Recency of policy implementation  Mobile device mgmt Reimbursement Protocol upon employee severance Employees’ device security Steps taken to protect employees’ devices Importance of security measures Cybersecurity communication with employees     Responsibility of mobile device security Benefits of BYOD Security and recovery responsibility Risks of BYOD 5

Executive Summary and Key Observations • Familiarity with BYOD is low among users and lower than expected with ITDMs perhaps due to the newness of the phenomenon.

• It is important for companies to implement BYOD policies and ensure their employees’ awareness because more users are engaging in BYOD than ITDMs may be aware of.

• Users may also be unaware of their employer’s BYOD policy as evidenced by the disconnect between reported incidence of policies among ITDMs and the user’s unawareness. • Users and ITDMs alike may not be doing enough to protect devices that are accessing company information, as well as the information itself. Users and ITMDs both focus on password/PINs as the main security measure, often ignoring more advanced security.

Executive Summary and Key Observations • With users accepting responsibility for protection and information recovery, it should not be an uphill battle for ITDMs to emphasize the importance of taking proper security measures with their devices.

• Benefits of BYOD are readily recognized by users and ITDMs.

– Users and ITDMs see BYOD as providing convenience, flexibility, and a virtual connection to work for employees. BYOD can also help attract employees as users tend to favor employers with a BYOD permitting policy. • Overall, ITDMs and users are favorable toward BYOD, but have some reservations.

– Most users agree that BYOD is the wave of the future and most ITDMs agree the benefits outweigh the risks. But the low intensity of support may indicate cautious optimism. • Concerns around data protection and employee compliance could be contributing to these less intense feelings. © Harris Interactive 7

Executive Summary and Key Observations • Small businesses see opportunity in BYOD but may also be more vulnerable.

– Despite similar incidence of BYOD usage across company size, smaller companies (500 or fewer employees) are less likely to take action to protect employees’ mobile devices and are less likely to communicate the importance of protective action to their employees. – Smaller companies show those same tendencies in their attitudes as well, assigning low concern to the risks of BYOD. – Companies with 500 or fewer employees are also more likely than larger companies to say the benefits of BYOD outweigh its risks. • The higher vigilance among larger companies may be related to the increased risk due to the volume of employees engaging in BYOD. ITDMs in smaller companies are also more likely to be the owners/executives and thus less familiar with the complexities of implementing BYOD practices.

Awareness and knowledge of BYOD

(Employees bringing their personal mobile devices smartphones and tablets to work to access work-related information and applications.)

Among users, familiarity with the term BYOD is low.

Based on what you know, how would you define what BYOD is? (Among Very/Somewhat familiar) Employees bringing their personal mobile devices (smartphones and tablets) to work to access work-related information and applications.

Employees using their personal mobile devices (smartphones and tablets) to access work-related information and applications outside of work Employees bringing their personal computers to work to access work related information and applications Employees using their personal computers to access work-related information and applications outside of work

Other (specify)

83% 53% 45% 29% 3% Base: All USERs (n=1,001) Q700 Q705

How familiar are you with the term “bring your own device” or BYOD?

Base: Very/Somewhat Familiar (n=259)

Based on what you know, how would you define what BYOD is? © Harris Interactive 10

As expected, familiarity with the term BYOD is higher among ITDMs.

• The term is mainly associated with bringing mobile devices to work to access work related information.

Other (specify)

88% 63% 50% 37% 1% Base: All ITDMs (n=250) Q700

How familiar are you with the term “bring your own device” or BYOD?

Base: Very/Somewhat Familiar (n=134) Q705

Based on what you know, how would you define what BYOD is? © Harris Interactive 11

Over half of Users reported some amount of BYOD behavior during the year.

• Over 4 in 10 use either a smartphone or tablet weekly to access work-related information or applications.

57% BYOD on either mobile device during the year

Base: All USERs (n=1,001) Q800

How often, if at all do you use your personally owned mobile devices to access work-related information or applications?

Majority of ITDMs (60%) think 25% or less of their employees access company info on their personal devices on a regular basis.

Base: All ITDMs (n=250) Q800

Approximately what percentage of your employees do you think access company information or applications with their personal devices on a regular basis (at least weekly)?

However nearly 4 in 10 acknowledge that they may be unaware of some employees that access company information.

-ITDM lack of knowledge -“Convenience”

Base: All ITDMs (n=250) Q801 Q802

Are you fully aware of all employees who access company information or applications?

Base: Unaware of all employees engaging in BYOD (n=90)

Why do you think some employees access company information or applications without your knowledge?

Smartphones are noted as the mobile device of choice for BYOD and email is the application most accessed.

What types of mobile devices do employees use to access company info?

ITDMS

Smartphone

83%

Other

14%

Tablet

66% What types of company information or applications do you/they typically access?

Users ITDMs Company information or applications

Email Calendaring and Scheduling Databases Company Applications Directories Financial information File servers Other 89% 57% 28% 28% 25% 19% 19% 6% 92% 75% 32% 39% 31% 16% 33% 4%

Base: BYOD ITDMs(n=197) Q803 Q810

What types of mobile devices do employees typically use to access company information or applications? Please select all that apply.

Base: BYOD (USERs: n=551; ITDMs: n=197)

What types of company information or applications do you/they typically access? Please select all that apply.

Presence of BYOD Policy

Half of users say their company doesn’t have a BYOD policy whereas more ITDMs claim they have a policy.

Presence of formal BYOD policy

Yes, we allow employees to use their personal mobile devices to access work information or applications Yes, we officially do not allow employees to use their personal mobile devices to access work information or applications No

ITDMS Base: All Respondents (USERs: n=1,001; ITDMs: n=250) Q900

Does your company have a formal BYOD policy?

Base: ITDMs with formal policy (n=146)

Q902 When did your company put your BYOD policy in place?

Even in the presence of BYOD policies, employees are expected to pay for the device and data plan themselves.

Device Reimbursement

Yes, my company pays for the device Yes, my company pays for the data plan Yes, we share the costs of the device Yes, we share the costs of the data plan No, the employee pays for the device and data plan themselves

Base: BYOD (USERs: n=551; ITDMs: n=197) USERs: Q905

Thinking about the mobile device you use to access work information or applications, does your company pay for your mobile device in some way?

ITMDs: Q905

Thinking about those employees who bring their own device, does your company pay for the personal mobile devices or data plans in some way?

Six in ten of users who said their company has a formal BYOD policy said they provide IT support.

Base: USERs and Employer formally allows BYOD (n=206) Q907

Does your company provide IT support for its BYOD policy?

ITDM BYOD policies cover a variety of items.

• Including mobile device management, protection related to privacy and loss, deactivation of network certificates when an employee leaves, and signing of a data security notice.

When an employee leaves the company, what policies and procedures do you have in place?

Deactivate network certificate Remote wipe Remote lock Other None

What does your BYOD policy cover?

Protections for employees related to privacy and loss of personal information Back-up and restore for personal data if an employee loses or inadvertently wipes their mobile device Back-up and restore for personal data if their mobile device is hacked Other

Base: Variable Q903

Are you applying mobile device management as part of your company’s BYOD policy? Base: ITDMs and formally allows BYOD (n=116)

Q907

What does your BYOD policy cover? Please select all that apply. Base: ITDMs and formally allows BYOD (n=116)

Q909

When an employee leaves the company, what policies and procedures do you have in place? Please select all that apply. Base: BYOD ITDMs (n=197)

Q947

Does your IT department require employees to sign some form of a data security notice? All ITDMs (n=250) © Harris Interactive

Does your IT department require employees to sign some form of a data security notice?

YES 52% NO 48%

Security of Devices and Steps Taken

Both users and ITDMs believe employee personal devices are secure.

USERS Security of smartphone and personal tablet ITDMS Base: All USERs with device (Smartphone: n=846; Tablet: n=534) Q910

How secure do you feel your personal smartphone is?

Q912

How secure do you feel your personal tablet is?

Base: ITMDs and employees use device (Smartphone: n=162; Tablet: n=129) Q910

Thinking about those employees who bring their own device, how secure do you feel your employee’s personal smartphones are?

Q912

Thinking about those employees who bring their own device, how secure do you feel your employee’s personal tablets are?

A slight majority of users think their device is more secure when accessing work-related info.

USERS

My personal mobile device is more secure when I am accessing work related information than it is when I am accessing personal information.

Base: BYOD USERs (n=551) Q913

How much do you agree or disagree with the following statement? © Harris Interactive 23

Very few users have experienced cyber attacks or had their device stolen or lost, but of those who did they are much more concerned about their personal information than their company’s info.

Lost any of the following mobile devices USERS How concerned were you about a stranger accessing any of the following information?

USERS

74% 58%

Experienced Cyber-attack/security breach USERS Personal Information Company Information Base: All USERs with device (Smartphone: n=846; Tablet: n=534) Q935

In the past year, how many times, if at all, have you lost any of the following mobile devices (either misplaced it or it was stolen)?

Q914

Have you experienced a cyber-attack or security breach on your mobile device?

Base: Device stolen and engage in BYOD (n=71) Q940

When your mobile device was lost/stolen, how concerned were you about a stranger accessing any of the following information?

Users note that adding a password/PIN is one of the most popular security measures taken by themselves and their IT department.

Steps personally taken to protect your mobile devices

Run software updates Added a password/PIN Installed anti-virus programs Location tracking Installed an app that can remote lock, locate, and/or erase data Other None

What other steps have you taken to protect your mobile devices?

USERS Steps IT department taken to protect your mobile devices USERS

Added a password/PIN Installed anti-virus programs Run software updates Restricting downloads Restricting access to certain employees Restricting or blocking access to websites Installed an app that can remote lock, locate, and/or erase data Location tracking Mobile application management software Usage limits Other None

Base: All USERs (n=1,001) Q915

Which of the following steps, if any, have

you

personally taken to protect your mobile devices? Please select all that apply.

Base: BYOD USERs (n=551) Q920

Which of the following steps, if any, has

your IT department

taken to protect your mobile devices?

Actions taken by ITDMs is consistent with the actions users are reporting of their IT departments.

Steps the IT department has taken to protect employee’s mobile devices.

ITDMS

Added a password/PIN Installed anti-virus programs Network certificates VPNs Restricting access to certain employees Restricting or blocking access to websites Run software updates Installed an app that can remote lock, locate, and/or erase data Restricting downloads Lock screens Mobile application management software Location tracking Hardware based authentication tokens Usage limits Other None

Base: Employees engage in BYOD (n=184) Q920

Which of the following steps, if any, has

your IT department

taken to protect your mobile devices?

Users and ITDMs note that updates are typically run automatically and password/PINs are asked to be updated every 2 – 6 months.

What other steps have you taken to protect your mobile devices?

How often are you required to change your password/PIN?

Are the software updates you are required to run..?

User initiated – you have to make a selection for the update to run

USERS: 45% ITDMS: 23%

Automatic – you don’t have to do anything for the update to run

USERS: 55% ITDMS: 77% Base: BYOD and Required to add password/PIN (USERs: n=156; ITDMs: n=88) Q925

How often are you required/how often do you require your employees to change your password/PIN?

Base: BYOD and Required to run updates (USERs: n=104; ITDMs: n=56) Q927

Are the software updates you are required to run/require your employees to run..?

ITDMs impose restrictions on remote access and social media sites.

*Small base size

Base: ITDMs and employ usage limits (n=23) Q923

What types of usage limits or restrictions do you have?

Base: ITDMs and restrict access (n=54) Q924

When accessing corporate applications and information, are BYOD users restricted from accessing: © Harris Interactive 28

ITDMs view passwords/PIN and anti-virus programs as being most important in protecting company info.

Password/PIN Anti-virus programs Software updates Network certificates VPNs Download restrictions Access restrictions for certain employees App that can remote lock, locate, and/or erase data Restricting or blocking access to websites Locking of screens Mobile application management software Hardware based authentication tokens Location tracking Usage limits

Base: BYOD ITDMs (n=197) Q946

How important do you find each of the following BYOD security measures in helping to protect company information? Please answer for each even if your company does not employ the protection.

ITDMs have communicated the importance of secure networks, changing passwords, and reporting security issues.

Employees to protect themselves against cybersecurity threats on their mobile devices ITDMS

Importance of accessing information when on secure networks (e.g. those that require passwords) Importance of changing password/PIN frequently Need to report data security issues quickly Importance of running updates frequently Importance of encrypting messages to protect sensitive information Other Nothing, we have not communicated anything to them

Base: BYOD ITDMs (n=197) Q950

What specifically have you communicated to your employees to protect themselves against cybersecurity threats on their mobile devices, if anything? © Harris Interactive 30

Based on survey results, both users and ITDMs feel that it is the user’s primary responsibility to keep their device secure.

Base: BYOD USERs (n=551) Q1015

Whose primary responsibility is it to keep your mobile device secure?

Q1020

In the event that your mobile device is hacked, whose primary responsibility is it to recover your personal information?

© Harris

Base: ITMDs (n=250) Q1010

Whose primary responsibility is it to keep your employee’s personal mobile devices secure when they are accessing company information or applications?

Attitudes toward BYOD

Users recognize BYOD may be wave of the future and ITDMs feel the benefits outweigh the risks.

Smith says:

“BYOD is a fad that will soon fade.”

Jones says:

“BYOD is the wave of the future so companies need to get on board.”

Risks/Benefits: ITDMS Base: All USERs (n=1,001) Q1030

Now you will read two hypothetical opposing opinions about BYOD. One statement will represent the opinions of a person named [ROTATE: Smith/Jones] and the other statement will represent the opinion of a person named [ROTATE: Jones/Smith].

Base: All ITDMs (n=250) Q1020

Thinking about BYOD, do you think the..?

Users recognize that BYOD “keeps employees connected”, “is convenient”, and “provides flexible work environment”.

• Over 6 in 10 users prefer to work for an employer that allows BYOD over one that doesn’t.

USERS I would prefer working for an employer that allows BYOD than one that doesn’t.

BYOD keeps employees connected to work without having to be there BYOD helps the company save money on technology BYOD is convenient for employees BYOD provides a flexible work environment - employees can work wherever they want BYOD helps employees be more productive BYOD makes employees happy BYOD policies help improve company and employee relations BYOD provides employees with a good work-life balance

Base: All USERs (n=1,001) Q1005

How much do you agree or disagree with the following statements?

These attributes of BYOD are also recognized by ITDMs.

BYOD is convenient for employees BYOD provides a flexible work environment - employees can work wherever they want BYOD keeps employees connected to work without having to be there BYOD makes employees happy BYOD helps employees be more productive BYOD helps the company save money on technology BYOD policies help improve company and employee relations BYOD provides employees with a good work-life balance

Base: All ITDMs (n=250) Q1006

How much do you agree or disagree with the following statements?

ITDMs emphasize “data protection”, “security of device”, and “employee compliance” as their chief concerns.

Data protection Security of the devices Employee compliance The device could be lost or stolen Visibility into all devices that are accessing company information and applications Employees abusing BYOD Compatibility Lack of standardization Providing IT support for their personal devices Increased liability for damage to the device at work Performance of the device

Base: All ITDMs (n=250) Q1016

: When employees access work-related information or applications with their mobile devices, how concerned are you about each of the following?

ITDM Perceptions by Company Size

Smaller companies are slightly less likely to have employees who engage in BYOD.

% of employees engaging in BYOD by company size (in employees) Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118) Q800

Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level Approximately what percentage of your employees do you think access company information or applications with their personal devices on a regular basis (at least weekly)?

ITDMs in larger companies are more likely to have taken all types of steps to protect their employee’s mobile devices.

Steps IT Dept has taken to protect mobile devices by company size (in employees) Base: BYOD ITDMs (Less than 500 employees: n=90); 500 or more employees: n=94)

Q920: Which of the following steps, if any, has your IT department taken to protect your employee's mobile devices?

Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level © Harris Interactive 39

Larger companies are also more likely to have communicated the importance of protecting against cybersecurity threats.

Communication to employees by company size (in employees)

Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level

Base: BYOD ITDMs (Less than 500 employees: n=97; 500 or more employees: n=100)

Q950: What specifically have you communicated to your employees to protect themselves against cybersecurity threats on their mobile devices, if anything?

ITDMs in larger companies are more likely to recognize the importance of non-basic security measures.

Importance of security measures (very/somewhat important) by company size (in employees)

Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level

Base: BYOD ITDMs (Less than 500 employees: n=97; 500 or more employees: n=100)

Q946: How important do you find each of the following BYOD security measures in helping to protect company information?

Although ITDMs of different sized companies recognize the benefits. . .

Agreement (strongly/somewhat) by company size (in employees) Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)

Q1006: How much do you agree or disagree with the following statements?

. . .Concerns over the hazards of BYOD are universally higher among larger companies.

Concern (very/somewhat concerned) by company size (in employees)

Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level

Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)

Q1016: When employees access work-related information or applications with their mobile devices, how concerned are you about each of the following?/ If your employees were to use their personally owned mobile devices to access work-related information or applications, how concerned would you be with each of the following?

And larger companies are more likely to say the risks outweigh the benefits when it comes to BYOD.

BYOD Risks vs. Benefits by company size (in employees)

Less than 500 500 or more

Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)

Q1020: Thinking about BYOD, do you think the..?

Also larger companies are more likely to say it’s the company’s responsibility to keep their employee’s device secure.

Responsibility in keeping employee’s mobile device secure by company size (in employees)

Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level

Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)

Q1010: Whose primary responsibility is it to keep your employee's personal mobile devices secure when they are accessing company information or applications?

Demographics

USER Demographics

Total Gender

Male Female

Age

18-24 25-34 35-49 50-64 65+

Race/Ethnicity

White Hispanic Black Asian or Pacific Islander Native American or Alaskan Native Some other race

Household Income

Less than $50k $50k to less than $100k $100k or less than $249k $250k or more

Education

HS or Less Attended college or college degree Attended graduate school or graduate degree 72% 12% 10% 4% 1% 1% 23% 34% 37% 3% 57% 43% 7% 26% 34% 28% 5% 18% 58% 17%

Company Size (in employees)

Total

14% 5% 7% 17% 9% 15% 9% 24% 47

ITDM Demographics

Company size

1 – 24 25 – 49 50 – 99 100 – 499 500 – 999 1,000 – 4,999 5,000 – 9,999 10,000+

Company revenue

Less than $500,000 $500,000 - $999,999 $1 million - $24.9 million $25 million - $49.9 million $50 million - $99.9 million $100 million - $499.9 million $500 million - $999.9 million $1 billion or more Decline to answer

Employment status

Employed full time Self employed Employed part time

Total

31% 6% 6% 11% 4% 10% 4% 27% 26% 4% 14% 5% 9% 2% 4% 23% 13% 68% 29% 3%

Title

Owner/President VP/C-Suite Director/Manager Other

Industry

Total

28% 13% 23% 9% 26% 12% 8% 17% 48

byod survey

Transcript byod survey

Workplace Technology

Table of Contents

© Harris

Awareness and knowledge of BYOD

Presence of BYOD Policy

Security of Devices and Steps Taken

© Harris

Attitudes toward BYOD

ITDM Perceptions by Company Size

Demographics

Directory