1 Workplace Technology Prepared for © Harris Interactive April 2013
Dec 16, 2015
1
Workplace TechnologyPrepared for
© Harris Interactive
April 2013
© Harris Interactive
Table of Contents
Methodology 3
Questionnaire Design Flow 4
Executive Summary 6
Detailed Findings 9
Appendix 44
© Harris Interactive
Methodology
• The research was conducted via self-administered online surveys within the United States by Harris Interactive between February 20 - 28, 2013. Two audiences were targeted:
– Information Technology Decision Makers (“ITDMs”): n=250– Full-time employed mobile device (smartphone and/or tablet) users (“USERs”): n=1,001
• Among ITDMs figures for business size (in number of employees) were weighted to bring them into line with the population of business sizes across the US.
• Among USERs, figures for education, age by gender, race/ethnicity, region, and household income were weighted where necessary to bring them into line with the population of US residents who own a cell phone or smart phone. For the online sample, our weighting algorithm also included a propensity score which allows us to adjust for propensity to be online. For the phone sample, our weighting also included variables to account for the probability of selection.
• All sample surveys and polls, whether or not they use probability sampling, are subject to multiple sources of error which are most often not possible to quantify or estimate, including sampling error, coverage error, error associated with non-response, error associated with question wording and response options, and post-survey weighting and adjustments. Therefore, Harris Interactive avoids the words "margin of error" as they are misleading. All that can be calculated are different possible sampling errors with different probabilities for pure, unweighted, random samples with 100% response rates. These are only theoretical because no published polls come close to this ideal.
© Harris Interactive 3
USERs: Questionnaire Design Flow
Responsibility of mobile device security and data recovery
Benefits of BYOD Security and recovery
responsibility Risks of BYOD
Responsibility of mobile device security and data recovery
Benefits of BYOD Security and recovery
responsibility Risks of BYOD
Formal company policy Reimbursement policy Device security on and
off BYOD Steps taken to protect
device, self and employer
Formal company policy Reimbursement policy Device security on and
off BYOD Steps taken to protect
device, self and employer
Familiarity and definition of BYOD
Frequency of access of work-related information and applications via mobile devices
Types of information and applications accessed
Familiarity and definition of BYOD
Frequency of access of work-related information and applications via mobile devices
Types of information and applications accessed
Questions to screen for full time employed respondents who own and use smartphones or tablets.
Questions to screen for full time employed respondents who own and use smartphones or tablets.
Screener BYOD Familiarity & Usage Company Policies & Security
BYOD Attitudes
4
ITDMs: Questionnaire Design Flow
Familiarity and definition of BYOD
Proportion and awareness of employees engaging in BYOD
Awareness of employees engaging in
Types of information and applications accessed
Familiarity and definition of BYOD
Proportion and awareness of employees engaging in BYOD
Awareness of employees engaging in
Types of information and applications accessed
Questions to screen for employees with oversight or decision-making authority in IT/Technology systems
Questions to screen for employees with oversight or decision-making authority in IT/Technology systems
Formal company policy BYOD policy details
Recency of policy implementation
Mobile device mgmt Reimbursement Protocol upon
employee severance Employees’ device security Steps taken to protect
employees’ devices Importance of security
measures Cybersecurity
communication with employees
Responsibility of mobile device security
Benefits of BYOD Security and recovery
responsibility Risks of BYOD
Screener BYOD Familiarity & Usage Company Policies & Security
BYOD Attitudes
5
Executive Summary and Key Observations
• Familiarity with BYOD is low among users and lower than expected with ITDMs perhaps due to the newness of the phenomenon.
• It is important for companies to implement BYOD policies and ensure their employees’ awareness because more users are engaging in BYOD than ITDMs may be aware of.
• Users may also be unaware of their employer’s BYOD policy as evidenced by the disconnect between reported incidence of policies among ITDMs and the user’s unawareness.
• Users and ITDMs alike may not be doing enough to protect devices that are accessing company information, as well as the information itself. Users and ITMDs both focus on password/PINs as the main security measure, often ignoring more advanced security.
© Harris Interactive 6
Executive Summary and Key Observations
• With users accepting responsibility for protection and information recovery, it should not be an uphill battle for ITDMs to emphasize the importance of taking proper security measures with their devices.
• Benefits of BYOD are readily recognized by users and ITDMs.– Users and ITDMs see BYOD as providing convenience, flexibility, and a virtual
connection to work for employees. BYOD can also help attract employees as users tend to favor employers with a BYOD permitting policy.
• Overall, ITDMs and users are favorable toward BYOD, but have some reservations.– Most users agree that BYOD is the wave of the future and most ITDMs agree the
benefits outweigh the risks. But the low intensity of support may indicate cautious optimism. • Concerns around data protection and employee compliance could be contributing to these
less intense feelings.
© Harris Interactive 7
Executive Summary and Key Observations
• Small businesses see opportunity in BYOD but may also be more vulnerable.– Despite similar incidence of BYOD usage across company size, smaller companies
(500 or fewer employees) are less likely to take action to protect employees’ mobile devices and are less likely to communicate the importance of protective action to their employees.
– Smaller companies show those same tendencies in their attitudes as well, assigning low concern to the risks of BYOD.
– Companies with 500 or fewer employees are also more likely than larger companies to say the benefits of BYOD outweigh its risks. • The higher vigilance among larger companies may be related to the increased risk due to the
volume of employees engaging in BYOD. ITDMs in smaller companies are also more likely to be the owners/executives and thus less familiar with the complexities of implementing BYOD practices.
© Harris Interactive 8
Awareness and knowledge of BYOD (Employees bringing their personal mobile devices smartphones and tablets to work to access work-related information and applications.)
© Harris Interactive
Among users, familiarity with the term BYOD is low.
© Harris Interactive
Base: All USERs (n=1,001)Q700 How familiar are you with the term “bring your own device” or BYOD?
Base: Very/Somewhat Familiar (n=259)Q705 Based on what you know, how would you define what BYOD is?
10
Based on what you know, how would you define what BYOD is? (Among Very/Somewhat familiar)
As expected, familiarity with the term BYOD is higher among ITDMs.
© Harris Interactive
Base: All ITDMs (n=250)Q700 How familiar are you with the term “bring your own device” or BYOD?
Base: Very/Somewhat Familiar (n=134)Q705 Based on what you know, how would you define what BYOD is?
11
Based on what you know, how would you define what BYOD is? (Among Very/Somewhat familiar)
• The term is mainly associated with bringing mobile devices to work to access work related information.
Over half of Users reported some amount of BYOD behavior during the year.
© Harris Interactive
Base: All USERs (n=1,001)Q800 How often, if at all do you use your personally owned mobile devices to access work-related information or applications?
12
57% BYOD on either mobile device during the year
• Over 4 in 10 use either a smartphone or tablet weekly to access work-related information or applications.
Majority of ITDMs (60%) think 25% or less of their employees access company info on their personal devices on a regular basis.
© Harris Interactive
Base: All ITDMs (n=250)Q800 Approximately what percentage of your employees do you think access company information or applications with their personal devices on a regular basis (at least weekly)?
13
However nearly 4 in 10 acknowledge that they may be unaware of some employees that access company information.
© Harris Interactive
Base: All ITDMs (n=250)Q801 Are you fully aware of all employees who access company information or applications?
Base: Unaware of all employees engaging in BYOD (n=90)Q802 Why do you think some employees access company information or applications without your knowledge?
14
-ITDM lack of knowledge-“Convenience”-ITDM lack of knowledge-“Convenience”
Smartphones are noted as the mobile device of choice for BYOD andemail is the application most accessed.
© Harris Interactive
Base: BYOD ITDMs(n=197)Q803 What types of mobile devices do employees typically use to access company information or applications? Please select all that apply.
Base: BYOD (USERs: n=551; ITDMs: n=197)Q810 What types of company information or applications do you/they typically access? Please select all that apply.
15
What types of company information or applications do you/they typically access?
Company information or applications
Users ITDMs
Email 89% 92%
Calendaring and Scheduling 57% 75%
Databases 28% 32%
Company Applications 28% 39%
Directories 25% 31%
Financial information 19% 16%
File servers 19% 33%
Other 6% 4%
Smartphone83%
Tablet66%
Other14%
What types of mobile devices do employees use to access company info?
ITDMS
Presence of BYOD Policy
© Harris Interactive
Half of users say their company doesn’t have a BYOD policy whereas more ITDMs claim they have a policy.
© Harris Interactive
Base: All Respondents (USERs: n=1,001; ITDMs: n=250)Q900 Does your company have a formal BYOD policy?
Base: ITDMs with formal policy (n=146)Q902 When did your company put your BYOD policy in place?
17
Yes, we allow employees to use their personal mobile devices to access work information or applications
Yes, we officially do not allow employees to use their personal
mobile devices to access work information or applications
No
ITDMSPresence of formal BYOD policy
Even in the presence of BYOD policies, employees are expected to pay for the device and data plan themselves.
© Harris Interactive
Base: BYOD (USERs: n=551; ITDMs: n=197)USERs: Q905 Thinking about the mobile device you use to access work information or applications, does your company pay for your mobile device in some way?ITMDs: Q905 Thinking about those employees who bring their own device, does your company pay for the personal mobile devices or data plans in some way?
18
Yes, my company pays for the device
Yes, my company pays for the data plan
Yes, we share the costs of the device
Yes, we share the costs of the data plan
No, the employee pays for the device and data plan themselves
Device Reimbursement
Six in ten of users who said their company has a formal BYOD policysaid they provide IT support.
© Harris Interactive
Base: USERs and Employer formally allows BYOD (n=206)Q907 Does your company provide IT support for its BYOD policy?
19
ITDM BYOD policies cover a variety of items.
© Harris Interactive
Base: VariableQ903 Are you applying mobile device management as part of your company’s BYOD policy? Base: ITDMs and formally allows BYOD (n=116)Q907 What does your BYOD policy cover? Please select all that apply. Base: ITDMs and formally allows BYOD (n=116)Q909 When an employee leaves the company, what policies and procedures do you have in place? Please select all that apply. Base: BYOD ITDMs (n=197)Q947 Does your IT department require employees to sign some form of a data security notice? All ITDMs (n=250)
20
When an employee leaves the company, what policies and procedures do you have in place?
Protections for employees related to privacy and loss of personal information
Back-up and restore for personal data if an employee loses or inadvertently wipes their mobile device
Back-up and restore for personal data if their mobile device is hacked
Other
What does your BYOD policy cover?
Deactivate network certificate
Remote wipe
Remote lock
Other
None
Does your IT department require
employees to sign some form of a data security
notice?YES 52% NO 48%
• Including mobile device management, protection related to privacy and loss, deactivation of network certificates when an employee leaves, and signing of a data security notice.
Security of Devices and Steps Taken
© Harris Interactive
Both users and ITDMs believe employee personal devices are secure.
© Harris Interactive
Base: All USERs with device (Smartphone: n=846; Tablet: n=534)Q910 How secure do you feel your personal smartphone is?Q912 How secure do you feel your personal tablet is?
22
Security of smartphone and personal tabletITDMSUSERS
Base: ITMDs and employees use device (Smartphone: n=162; Tablet: n=129)Q910 Thinking about those employees who bring their own device, how secure do you feel your employee’s personal smartphones are?Q912 Thinking about those employees who bring their own device, how secure do you feel your employee’s personal tablets are?
A slight majority of users think their device is more secure when accessing work-related info.
© Harris Interactive
Base: BYOD USERs (n=551)Q913 How much do you agree or disagree with the following statement?
23
My personal mobile device is more
secure when I am accessing work-
related information than it is when I am accessing personal
information.
USERS
Very few users have experienced cyber attacks or had their devicestolen or lost, but of those who did they are much more concernedabout their personal information than their company’s info.
© Harris Interactive
Base: All USERs with device (Smartphone: n=846; Tablet: n=534)Q935 In the past year, how many times, if at all, have you lost any of the following mobile devices (either misplaced it or it was stolen)?Q914 Have you experienced a cyber-attack or security breach on your mobile device?
Base: Device stolen and engage in BYOD (n=71)Q940 When your mobile device was lost/stolen, how concerned were you about a stranger accessing any of the following information?
24
Lost any of the following mobile devicesUSERS
How concerned were you about a stranger accessing any of the following information?
USERS
Personal Information Company Information
Experienced Cyber-attack/security breachUSERS
74% 58%
Users note that adding a password/PIN is one of the most popular security measures taken by themselves and their IT department.
© Harris Interactive
Base: All USERs (n=1,001)Q915 Which of the following steps, if any, have you personally taken to protect your mobile devices? Please select all that apply.
Base: BYOD USERs (n=551)Q920 Which of the following steps, if any, has your IT department taken to protect your mobile devices?
25
What other steps have you taken to protect your mobile devices?
Run software updates
Added a password/PIN
Installed anti-virus programs
Location tracking
Installed an app that can remote lock, locate, and/or erase data
Other
None
Steps personally taken to protect your mobile devicesUSERS
Added a password/PIN
Installed anti-virus programs
Run software updates
Restricting downloadsRestricting access to certain
employeesRestricting or blocking access to
websitesInstalled an app that can remote
lock, locate, and/or erase data
Location tracking
Mobile application management software
Usage limits
Other
None
Steps IT department taken to protect your mobile devices USERS
Actions taken by ITDMs is consistent with the actions users are reporting of their IT departments.
© Harris Interactive
Base: Employees engage in BYOD (n=184)Q920 Which of the following steps, if any, has your IT department taken to protect your mobile devices?
26
Steps the IT department has taken to protect employee’s mobile devices.ITDMS
Added a password/PIN
Installed anti-virus programs
Network certificates
VPNs
Restricting access to certain employees
Restricting or blocking access to websites
Run software updates
Installed an app that can remote lock, locate, and/or erase data
Restricting downloads
Lock screens
Mobile application management software
Location tracking
Hardware based authentication tokens
Usage limits
Other
None
Users and ITDMs note that updates are typically run automaticallyand password/PINs are asked to be updated every 2 – 6 months.
© Harris Interactive
Base: BYOD and Required to add password/PIN (USERs: n=156; ITDMs: n=88)Q925 How often are you required/how often do you require your employees to change your password/PIN?
Base: BYOD and Required to run updates (USERs: n=104; ITDMs: n=56)Q927 Are the software updates you are required to run/require your employees to run..?
27
What other steps have you taken to protect your mobile devices?
How often are you required to change your password/PIN?
Are the software updates you are required to run..?
User initiated – you have to make a selection for the
update to runUSERS: 45%ITDMS: 23%
Automatic – you don’t have to do anything for the
update to runUSERS: 55%ITDMS: 77%
ITDMs impose restrictions on remote access and social media sites.
© Harris Interactive
Base: ITDMs and employ usage limits (n=23)Q923 What types of usage limits or restrictions do you have?
Base: ITDMs and restrict access (n=54)Q924 When accessing corporate applications and information, are BYOD users restricted from accessing:
28
*Small base size
Base: BYOD ITDMs (n=197)Q946 How important do you find each of the following BYOD security measures in helping to protect company information? Please answer for each even if your company does not employ the protection.
ITDMs view passwords/PIN and anti-virus programs as being mostimportant in protecting company info.
© Harris Interactive 29
Password/PIN
Anti-virus programs
Software updates
Network certificates
VPNs
Download restrictions
Access restrictions for certain employees
App that can remote lock, locate, and/or erase data
Restricting or blocking access to websites
Locking of screens
Mobile application management software
Hardware based authentication tokens
Location tracking
Usage limits
ITDMs have communicated the importance of secure networks, changing passwords, and reporting security issues.
© Harris Interactive
Base: BYOD ITDMs (n=197)Q950 What specifically have you communicated to your employees to protect themselves against cybersecurity threats on their mobile devices, if anything?
30
Employees to protect themselves against cybersecurity threats on their mobile devicesITDMS
Importance of accessing information when on secure networks (e.g. those that require passwords)
Importance of changing password/PIN frequently
Need to report data security issues quickly
Importance of running updates frequently
Importance of encrypting messages to protect sensitive information
Other
Nothing, we have not communicated anything to them
© Harris Interactive
Based on survey results, both users and ITDMs feel that it is the user’s primary responsibility to keep their device secure.
© Harris Interactive
Base: BYOD USERs (n=551)Q1015 Whose primary responsibility is it to keep your mobile device secure?Q1020 In the event that your mobile device is hacked, whose primary responsibility is it to recover your personal information?
Base: ITMDs (n=250)Q1010 Whose primary responsibility is it to keep your employee’s personal mobile devices secure when they are accessing company information or applications?
31
Attitudes toward BYOD
© Harris Interactive
Base: All USERs (n=1,001)Q1030 Now you will read two hypothetical opposing opinions about BYOD. One statement will represent the opinions of a person named [ROTATE: Smith/Jones] and the other statement will represent the opinion of a person named [ROTATE: Jones/Smith].
Users recognize BYOD may be wave of the future and ITDMs feel the benefits outweigh the risks.
© Harris Interactive 33
“BYOD is a fad that will soon fade.”
Smith says: Jones says:
“BYOD is the wave of the future so companies need to get on board.”
Base: All ITDMs (n=250)Q1020 Thinking about BYOD, do you think the..?
Risks/Benefits: ITDMS
Users recognize that BYOD “keeps employees connected”, “is convenient”, and “provides flexible work environment”.
© Harris Interactive
Base: All USERs (n=1,001)Q1005 How much do you agree or disagree with the following statements?
34
I would prefer working for an employer that allows BYOD than one that doesn’t.
BYOD keeps employees connected to work without having to be there
BYOD helps the company save money on technology
BYOD is convenient for employees
BYOD provides a flexible work environment - employees can work wherever they want
BYOD helps employees be more productive
BYOD makes employees happy
BYOD policies help improve company and employee relations
BYOD provides employees with a good work-life balance
USERS
• Over 6 in 10 users prefer to work for an employer that allows BYOD over one that doesn’t.
BYOD is convenient for employees
BYOD provides a flexible work environment - employees can work wherever they want
BYOD keeps employees connected to work without having to be there
BYOD makes employees happy
BYOD helps employees be more productive
BYOD helps the company save money on technology
BYOD policies help improve company and employee relations
BYOD provides employees with a good work-life balance
These attributes of BYOD are also recognized by ITDMs.
© Harris Interactive
Base: All ITDMs (n=250)Q1006 How much do you agree or disagree with the following statements?
35
Base: All ITDMs (n=250)Q1016: When employees access work-related information or applications with their mobile devices, how concerned are you about each of the following?
Data protection
Security of the devices
Employee compliance
The device could be lost or stolen
Visibility into all devices that are accessing company information and applications
Employees abusing BYOD
Compatibility
Lack of standardization
Providing IT support for their personal devices
Increased liability for damage to the device at work
Performance of the device
ITDMs emphasize “data protection”, “security of device”, and “employee compliance” as their chief concerns.
© Harris Interactive 36
ITDM Perceptions byCompany Size
© Harris Interactive
Smaller companies are slightly less likely to have employees who engage in BYOD.
© Harris Interactive
Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q800 Approximately what percentage of your employees do you think access company information or applications with their personal devices on a regular basis (at least weekly)?
38
% of employees engaging in BYOD by company size (in employees)
Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level
ITDMs in larger companies are more likely to have taken all types ofsteps to protect their employee’s mobile devices.
© Harris Interactive
Base: BYOD ITDMs (Less than 500 employees: n=90); 500 or more employees: n=94)Q920: Which of the following steps, if any, has your IT department taken to protect your employee's mobile devices?
Steps IT Dept has taken to protect mobile devices by company size (in employees)
39
Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level
Larger companies are also more likely to have communicated the importance of protecting against cybersecurity threats.
© Harris Interactive
Base: BYOD ITDMs (Less than 500 employees: n=97; 500 or more employees: n=100)Q950: What specifically have you communicated to your employees to protect themselves against cybersecurity threats on their mobile devices, if anything?
Communication to employees by company size (in employees)
40
Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level
ITDMs in larger companies are more likely to recognize the importance of non-basic security measures.
© Harris Interactive
Base: BYOD ITDMs (Less than 500 employees: n=97; 500 or more employees: n=100)Q946: How important do you find each of the following BYOD security measures in helping to protect company information?
Importance of security measures (very/somewhat important) by company size (in employees)
41
Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level
Although ITDMs of different sized companies recognize the benefits. . .
© Harris Interactive
Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q1006: How much do you agree or disagree with the following statements?
Agreement (strongly/somewhat) by company size (in employees)
42
Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level
. . .Concerns over the hazards of BYOD are universally higher among larger companies.
© Harris Interactive
Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q1016: When employees access work-related information or applications with their mobile devices, how concerned are you about each of the following?/ If your employees were to use their personally owned mobile devices to access work-related information or applications, how concerned would you be with each of the following?
Concern (very/somewhat concerned) by company size (in employees)
43
Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level
And larger companies are more likely to say the risks outweighthe benefits when it comes to BYOD.
© Harris Interactive
Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q1020: Thinking about BYOD, do you think the..?
Less than 500
500 or more
BYOD Risks vs. Benefits by company size (in employees)
44
Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level
Also larger companies are more likely to say it’s the company’s responsibility to keep their employee’s device secure.
© Harris Interactive
Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q1010: Whose primary responsibility is it to keep your employee's personal mobile devices secure when they are accessing company information or applications?
Responsibility in keeping employee’s mobile device secure by company size (in employees)
45
Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level
Demographics
© Harris Interactive
© Harris Interactive 47
Total
GenderMale 57%Female 43%
Age18-24 7%25-34 26%35-49 34%50-64 28%65+ 5%
Race/EthnicityWhite 72%Hispanic 12%Black 10%Asian or Pacific Islander 4%Native American or Alaskan Native 1%Some other race 1%
Household IncomeLess than $50k 23%$50k to less than $100k 34%$100k or less than $249k 37%$250k or more 3%
Education
HS or Less 18%
Attended college or college degree 58%
Attended graduate school or graduate degree 17%
USER DemographicsTotal
Company Size (in employees) 1 - 24 14%25-49 5%50 - 99 7%100 - 499 17%500 - 999 9%1,000 - 4,999 15%5,000 - 9,999 9%10,000+ 24%
© Harris Interactive 48
TotalTitleOwner/President 28%VP/C-Suite 13%Director/Manager 23%Other 9%
IndustryCommunications/Technology 26%Finance/Legal 12%Business Services 8%Government/Non-Profit 17%
TotalCompany size
1 – 24 31%25 – 49 6%50 – 99 6%100 – 499 11%500 – 999 4%1,000 – 4,999 10%5,000 – 9,999 4%10,000+ 27%
Company revenueLess than $500,000 26%$500,000 - $999,999 4%$1 million - $24.9 million 14%$25 million - $49.9 million 5%$50 million - $99.9 million 9%$100 million - $499.9 million 2%$500 million - $999.9 million 4%$1 billion or more 23%Decline to answer 13%
Employment statusEmployed full time 68%Self employed 29%Employed part time 3%
ITDM Demographics