While the bring your own device (BYOD) trend has become a hot topic in IT, few organisations are giving employees adequate guidance on using personal devices at work, according to the Information Commissioner's Office (ICO).
The ICO, which has published its own guidelines on the appropriate use of personal devices in the workplace, said that a lax approach by organisations may be putting sensitive information at risk.
From the results of a survey carried out by YouGov, the ICO said it found 47 percent of all UK workers are already using their own smartphone, laptop or tablet for work purposes.
However, fewer than three in 10 of these reported being provided with guidance on how their devices should be used under those circumstances. The ICO said this raises concerns that those workers may not understand how to look after information accessed and stored on their devices.
"The rise of smartphones and tablet devices means that many of the common daily tasks we would have previously carried out on the office computer can now be worked on remotely," said the ICO's Simon Rice.
"While these changes offer significant benefits to organisations, employers must have adequate controls in place to make sure this information is kept secure."
The ICO's BYOD blueprint aims to help organisations develop their own policies by highlighting the issues they must consider.
Included in the recommendations are many that V3 readers, or those who have been involved with enterprise mobility for any length of time, will be familiar with.
Employers must make it clear to staff which kind of data may be processed on personal devices and which may not, for example, while devices should be secured with at least a strong password and encryption used to protect data.
Further advice is that cloud-based sharing and public backup services should be used with extreme caution, and that devices should be configured with a remote locate and wipe facility in case of loss or theft.
The ICO conceded that the cost of introducing controls such as these can be significant, depending upon the type of information that users are handling, and may even exceed the initial savings expected from following a BYOD strategy.
However as Rice pointed out, "the sum will pale into insignificance when you consider the reputational damage caused by a serious data breach. This is why organisations must act now."
Daniel Robinson is technology editor at V3, and has been working as a technology journalist for over two decades. Dan has served on a number of publications including PC Direct and enterprise news publication IT Week. Areas of coverage include desktops, laptops, smartphones, enterprise mobility, storage, networks, servers, microprocessors, virtualisation and cloud computing.