Risks Associated with BYOD

A "bring your own device (BYOD)" policy allows employees to use their own devices on the company network. While this can save the organization money and allow for more employee freedom, it also carries security risks. This article explains the principles of BYOD, some benefits of BYOD for an organization, and the many ways that BYOD can increase the risk to a company's data and information systems.

Conclusion


Bring Your Own Device (BYOD) involves allowing an employee to use his or her own mobile device to access his or her organisation's network. Many organisations are embracing this trend in an attempt to create value. This comes at a cost. The aim of the research was to identify the risks which arise as a result of an organisation adopting a BYOD programme, and to use a recognised framework to identify controls which could be implemented to reduce the risks to an acceptable level.

The literature review revealed 50 risks which could arise if an organisation adopts a BYOD programme. The user of this research should note that other incremental risks may arise at their organisation, depending entirely on the circumstances and control environment found there. The COBIT 5 framework was selected as an acceptable framework to use in identifying controls which could reduce BYOD risks to an acceptable level. Six key risk areas were identified. These can be managed by a control framework which consists of four key elements: (1) policy development outlining acceptable user behaviour and monitoring the compliance thereof, (2) user education and the provision of user support services, (3) a software component addressing device, network and mobile device management systems and (4) a technological component that focuses on anti-malware, encryption, authentication and containment.