A study by Fiberlink revealed that 68 percent of employees didn't secure the data of an old BYOD device after upgrading, despite probably having an organizational policy requiring such a measure.
The popularity of bring-your-own-device (BYOD) programs in organizations is solving some problems, but potentially creating others. According to a study of more than 2,200 employees by Fiberlink, 68 percent reported that they did not have their devices professionally wiped or securely destroyed after upgrading to a new device.
"Whatever apps and information they have on there is still on there — that's the concerning part," David Lingenfelter, information security officer at Fiberlink, told InformationWeek. "The risk varies based on what you end up doing with the device ... if you turn it into your carrier, they'll check to see if there's personal information on there. That's human nature."
According to a study (pdf) by the Cloud Security Alliance, nearly 80 percent of companies report having a policy that addresses mobile devices, but simply having the policy doesn't mean it's being followed. Fiberlink recommends better security education for employees as the best way to avoid unintentionally exposing corporate data. When decommissioning an old device, Fiberlink proposes a four-step process that includes notifying the IT department, transferring data to the new device, extracting all personal data and performing a factory data reset.