Government Business Council, a research arm of Nextgov, conducted a survey of 165 government employees working in the United States federal and military agencies where it was found that most employees bring their own device to work without the agency approval.
“Among active duty military and Defense Department civilian employees, 43 percent said they use an agency-provided mobile device to conduct government work. On the civilian side, 59 percent said they use agency devices for work,” the report on Nextgov suggest.
“Some of the basic tenets of network cybersecurity is to know who and what is riding on your network,” said Chris Cummiskey, former Homeland Security acting undersecretary and chief acquisition officer, now a senior fellow at George Washington University’s Center for Cyber and Homeland Security in the report. “While ease of connecting personal devices to the network is convenient for employees, it poses a security challenge for IT professionals in identifying and blocking malicious activity that may exist at the endpoint.”
Nearly one-third of the employees do the office related works on the personal devices, but here 94 percent of the Defense employees stated that their personal devices were not approved by the agency, while 64 percent of civilian agency employees said the same about their devices.
And furthermore, it was not like the employees did not understand the gravity of the issue. In fact, nearly 51 percent felt that security is more important than productivity, while 25 percent said vice versa. Another peculiar thing about the survey was that more than half the respondents felt “the agency’s device policy introduces more security risk than is necessary.”
“When you use a computer or smartphone for both work and personal activity, you have added significant risk your personal activity introduces malware that can access your business data and networks,” said Chuck Brooks, the first legislative director for Homeland Security’s Science and Technology Directorate, currently at General Dynamics Mission Systems serving as principal market growth strategist for cybersecurity and emerging technologies. “Many successful attacks aimed at both government and industry have come through phishing and spear-phishing that expanded into cross-contamination of device networks.”