BYOD security risks and mitigation strategies: Insights from IT security experts
Document Type
Article
Publication Date
10-2-2021
Abstract
Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today's employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, nor are there any strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and its impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.
Keywords
BYOD, BYOD security risks, Mitigation strategies, Public sector information security, Qualitative study, Risk assessment
Divisions
fsktm
Funders
Ministry of Education[FRGS][FP056-2019A]
Publication Title
Journal of Organizational Computing and Electronic Commerce
Volume
31
Issue
4
Publisher
Taylor & Francis