Global nonprofit IT association ISACA today released findings from its 2012 IT Risk/Reward Barometer survey. Respondents in Africa report a growing acceptance of “bring your own device” (BYOD) in the workplace—a practice in which employees use their personal devices for work—while also acknowledging that they believe the risk still outweighs the benefit.

The IT Risk/Reward Barometer surveyed more than 4,500 IT professionals worldwide about the risks and rewards associated with BYOD and cloud computing, among other topics. When it comes to BYOD, companies in Africa tend to allow employees to use their own device for work purposes more than companies in other regions do. Thirty-eight percent of responding enterprises in Africa freely allow it, and an additional 31% allow it with limits.

Despite their permissive stance to BYOD, only 18% of respondents in Africa say the benefits—including increased efficiency and cost reduction—outweigh the risk, while 60% still believe that the risk is greater. Despite the potential dangers, 35% of enterprises in Africa still do not have any policy in place regarding BYOD.

IT professionals in Africa report that the following employee activities pose a particularly high risk to the enterprise:

• Storing work passwords on a personal device (80%)
• Losing a work-supplied computer or smart phone (88%)
• Using an online file-sharing service for work documents (68%)
• Downloading personal files onto a work-supplied device (59%)

To help control BYOD risk, enterprises in Africa report having the following security controls in place:

• Password management system (50%)
• Remote wipe capability (26%)
• Encryption (39%)

“Enterprises in Africa are very clear about the risk BYOD poses to the enterprise, yet they seem to be accepting that employees increasingly are using their own devices for work and personal activities,” said John Pironti, CISA, CISM, CGEIT, CRISC, advisor with ISACA and president of IP Architects LLC. “As they are cautiously accepting BYOD, they need to take an embrace-and-educate approach, with clearly communicated policies and education to train employees to help protect both the enterprise and the employees.”

ISACA, a nonprofit association serving 100,000 IT professionals in 180 countries, provides resources to help enterprises address this challenging issue.

“ISACA recently published Securing Mobile Devices With COBIT 5 to help enterprises address mobile device security, including BYOD,” said Pironti. “By applying the globally accepted COBIT business framework to mobile device security, enterprises can better plan, implement and maintain comprehensive security for these devices.”

Full results of the 2012 IT Risk/Reward Barometer are at www.isaca.org/risk-reward-barometer. COBIT 5 is at www.isaca.org/cobit.

About the 2012 IT Risk/Reward Barometer

The annual IT Risk/Reward Barometer helps gauge current attitudes and organizational behaviors related to the risk and reward associated with the blurring boundaries between personal and work devices (BYOD), cloud computing, and increased enterprise risk related to online employee behavior. It is based on September 2012 online polling of 4,512 ISACA members from 83 countries, including 325 members in Africa. To see the full results, visit www.isaca.org/risk-reward-barometer.

About ISACA

With more than 100,000 constituents in 180 countries, ISACA^® (www.isaca.org) is a leading global association for information systems assurance, security, governance and management of IT, and IT-related risk and compliance. It offers the CISA^®, CISM^®, CGEIT^® and CRISC^® designations and the globally respected COBIT^® framework.

Follow ISACA on Twitter: https://twitter.com/ISACANews

Join ISACA on LinkedIn: http://linkd.in/ISACAOfficial