“We don’t have a BYOD programme.”

This statement, referencing mobile device usage in the workplace, is a refrain often heard in European organisations that are tasked with securing the privacy of highly confidential data and personally identifiable information, and managing employee authorisation and access to that data. However, businesses often believe that they aren’t actually subject to cyber-threats from mobile devices because, simply, they don’t currently allow personal mobile devices to access their networks. Ultimately, this posture puts data at risk because every company has a BYOD policy whether they like it or not.