Risks Associated with BYOD

A "bring your own device (BYOD)" policy is when an organization allows employees to use their own devices on the company network. While this can save the organization money and allow for more employee freedom, there are security risks associated with it. This article explains the principles of BYOD, some benefits of BYOD for an organization, and the many ways that BYOD can increase the risk to a company's data and information systems.

Literature review and findings

Bring Your Own Device


Mobile devices (universal serial bus, tablet computers, laptops, and smartphones) of all shapes and sizes have become a part of our daily lives. The concept of BYOD involves permitting an employee to connect his or her own personal mobile devices to the organisation's network and applications. The BYOD concept has been adopted by organisations, both governmental and non-governmental, of all sizes and across all industries. Gupta et al. (2013) indicated that smartphone sales to end users have reached 225 million units in the second quarter of 2013 and Rohan (2013) stated that employees are using their personal mobile devices for official work purposes. If organisations do not support employees in their wish to use their own personal devices for work purposes, the employees may figure out ways to support their devices themselves. This will place sensitive corporate data at risk. It is therefore important that organisations enable employees to get their work done in the most appropriate manner without compromising the integrity of the data. Although it is not the purpose of this article to discuss the benefits associated with the adoption or deployment of a BYOD programme, a few benefits are listed. The benefits include, but are not limited to, the following:

  • increase in productivity of employees
  • increased revenue
  • reduction in expenses for corporate-liable mobile device and data services.

Based on the above-mentioned benefits, it is understandable why many organisations would be inclined to opt for the adoption and deployment of BYOD programmes. It should however be noted that whilst the benefits are good, failure to consider the concerns and risks surrounding the adoption or deployment of a BYOD programme noted by industry experts could have dire consequences on the organisation. Several concerns and risks were identified during the extensive literature review, which arise as a result of an organisation deploying a BYOD programme. The concerns and risks identified have been classified as either strategic or operational in nature and have been discussed in sections 'Strategic incremental concerns and risks' and 'Operational concerns and risks'.