BYOD, Password Policies Ramp Up for Businesses

In today’s mobile landscape, managing both company- and employee-owned mobile devices is a universal challenge for corporate IT administrators. A report from Champion Solutions has found that organizations are nearly evenly split between those that have a formal BYOD policy (47 percent) and those that do not (53 percent)–but that password hygiene is alive and well.

There’s an onus on IT departments to develop ways to empower mobile employees while simultaneously establishing mobile-security procedures and support models that appropriately address business security concerns.

“This research we conducted is very important and relevant in today’s mobile workforce,” said Chris Pyle, president and CEO of Champion Solutions Group and MessageOps. “Our goal is to present businesses, both large and small, with the facts uncovered in the report to assist them with developing policies around Enterprise Mobility Services. Many of our customers would like to know if their policies are too constraining or too lose, and this gives them the ability to compare to their peers in the same industries and size of business.”   

Interestingly, when it comes to password policies, most organizations favor complex alphanumeric passwords of six to 10 characters. And, more than three-quarters (77 percent) of those polled have policies to lock out devices after multiple failed log-in attempts, usually between three and five failed tries.

Also, around 72 percent of organizations require re-authentication of mobile devices after periods of inactivity, with most opting for lockout after five to 15 minutes. The vast majority of those polled have provisions in place for expiring passwords and prohibiting re-use of old passwords.

“The results are very interesting,” said Jason Milgram, director of software development at Champion Solutions Group and MessageOps. “What you’d expect from a larger organization is not necessarily in line with what all of the results show, and the same for some smaller companies. I definitely encourage businesses to review the information, look at the policies they have or do not have in place, and use the research as they update their mobile device security strategy.”