Local authorities are putting data at risk by not implementing a ‘Bring Your Own Device’ (BYOD) policy, analysts warn.
A Freedom of Information (FoI) request, issued to 79 English council districts, has revealed that 42% of the local authorities questioned do not have a BYOD policy in place.
BYOD refers to employees bringing their own devices - laptops, tablets, smart phones - to work and using them to access privileged information.
The managed services provider (MSP) Annodata, which made the FoI, warned without an enforceable BYOD plan in place, these councils may be leaving themselves exposed to the risk of data leakage.
The introduction of the General Data Protection Regulation (GDPR), which regulates access to company data, means councils can face fines of up to 4% of total revenue if confidential information is leaked.
Annodata has urged local authorities to put in place clear BYOD policies in order to enable employers to use their own devices while not leaving the council vulnerable.
‘BYOD can bring clear benefits in the form of greater flexibility and increased productivity,’ said Joe Doyle, marketing director at Annodata.
‘However, any gains to be had from BYOD will be null and void if there is not a clear policy to accompany this.’
‘The risk of not giving BYOD appropriate consideration can result in companies being left exposed to an increased risk of data leakage, whilst also making it difficult to determine which devices are accessing which systems and data,’ he continued.
‘Employees want to use their own devices and experience tells us that they will, with or without a standard. Having a BYOD policy grants organisations greater visibility and control over this.’