Research Article

BYOD Security Risks and Mitigation Strategies: Insights from IT Security Experts

Pages 320-342 | Published online: 08 Feb 2022
 

ABSTRACT

Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today’s employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, and there are no strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and their impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.

Acknowledgments

The authors would like to extend their heartfelt gratitude and appreciation to the Ministry of Education (MOE), Malaysia for funding this project with the Fundamental Research Grant Scheme (FRGS) (FP056-2019A), Ref-no: FRGS/1/2019/ICT04/UM/02/1.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Correction Statement

This article has been corrected with minor changes. These changes do not impact the academic content of the article.

Additional information

Funding

This work was supported by the Ministry of Education [FRGS (FP056-2019A)].

Notes on contributors

Rathika Palanisamy

Rathika Palanisamy is a doctoral candidate at the Department of Computer Systems and Technology, Faculty of Computer Science and Information Technology, University of Malaya, Malaysia. Her research interests include Information Security Risk Management and Security Policy Compliance in organizations.

Azah Anir Norman

Azah Anir Norman is a senior lecturer at the Department of Information Systems, Faculty of Computer Science and Information Technology, University of Malaya, Malaysia. She obtained her Bachelor from National University of Malaysia (UKM), Master from Royal Holloway University of London and Ph.D. from University of Malaya (UM) in 2014. Her area of research interest is in Information Systems, focusing on ICT Secure Application, Human factors of security and privacy, Information Security Governance and Islamic related ICT applications.

Laiha Mat Kiah

Miss Laiha Mat Kiah is a Professor at the Department of Computer Systems and Technology, University of Malaya. She received her BSc. (Hons) in Computer Science from the University of Malaya in 1997, an MSc from Royal Holloway, University of London UK in 1998 and a PhD also from Royal Holloway, University of London in 2007. Her current research interests include cyber security, blockchain technology, the IoT, and health information exchange.
