Effect of Bring your own Device (BYOD) on Cybersecurity at workplace
Several new trends in information access are impacting organizations’ ability to control and secure sensitive corporate data. The increase in web applications, cloud computing and Software as a Service (SaaS) offerings, and the Bring Your Own Device (BYOD) phenomenon, means that employees, business partners and customers are increasingly accessing information using a web browser on a device not owned or managed by the organization (Morrow, 2012). Bring your own device (BYOD) is process whereby when individual/ employees can use personal devices for business purposes (Privacy Right, 2013). And the ‘D’ in BYOD includes more than just smartphones. It also includes employees logging into web applications such as Outlook Web Access and SharePoint, SaaS applications such as CRM systems or healthcare billing applications hosted in cloud services, from home desktop or laptop computers (Morrow, 2012). The concept of “bring your own device” (BYOD) is a growing trend for business IT. There are a variety of benefits to allowing users to supply their own PCs and mobile devices, but there are also some concerns (Bradley, 2011). Several studies have also shown that BOYD is one the three biggest cybersecurity threat of 2014 (Singh, 2012). In addition, it is suggested that BYOD, or “bring your own device,” can no longer be thought of as a fad; it is quickly becoming the new reality. In addition, as this trend grows, all businesses are potentially at risk which can stem from both internal and external threats, including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications (Singh, 2012). In this study, the effect of Bring your own Device (BYOD) on Cybersecurity at workplace will be investigated.
It might be concluded that due to using of unauthorized devices such as personal electronic device also known as Bring Your Own Device (BYOD) at workplaces causes intrusion into the company network, thereby causing data loss, stolen intellectual property to mention but few.
Arriving at this hypothesis: It was not an easy task, however, following the provided information made it easier. Coming up with the hypothesis, I had to brainstorm and do enough research to come up with a schematic sketch of the variables (independent and dependent) involved in this issue. To ensure the hypothesis is an empirical statement, general phenomenon, plausible, specific, consistent and testable. In this hypothesis, the identified independent variable is the personal electronic device (BYOD) while the dependable variable is the network intrusion, thereby causing data loss, stolen intellectual property.
Figure 1: Schematic sketch of identified variables
Independent Variable Dependent Variable
Use of Personal Electronic Device â†’ Network intrusion
Figure 1: showing the dependable and independent variables of the hypothesis
Studies have shown that one of the biggest challenges for organizations when employees use their own device organizations is that corporate data is being delivered to devices that are not managed by the IT department (Morrow, 2012). This has security implications for data leakage, data theft and regulatory compliance (Morrow, 2012).in addition, the use of unmanaged devices such as BYOD causes enterprises to have less control and visibility, and fewer mitigation options than they do with managed devices (Morrow, 2012). In addition, Laptops, smartphones and tablets that connect to corporate networks significantly increase threats to sensitive data (Morrow, 2012). . Organizations should be concerned about the security state of endpoint devices and the risks to which they are exposed. Key loggers, malware and cyber-attacks have greatly increased the potential for unauthorized access to, and information theft from, endpoints. Potential unintended consequences – such as data leakage and malware – reinforce the need to enhance the security of corporate data. A malicious employee can easily steal company trade secrets, intellectual property or sensitive customer information by saving it locally or to a cloud service, sending it through accounts in Dropbox and you send it or emailing it via a personal webmail account. Organizations must control the data after it’s delivered to the device to prevent accidental or intentional loss by careless or malicious end users.
Studies have also shown that to assess the risks of BYOD computing, everything from data contamination to user habits to the activities of criminal syndicates needs to be considered (Romer, 2014). Some of the security risks to be considered includes:
- Security as an afterthought: Shows that most mobile devices either lack advanced security features or have them disabled by default. Even basic features such as screen locks are turned off, and most users leave them that way (Romer, 2014).
- Data contamination: Shows the photos and other content share storage space along with confidential business data. This combining of data introduces new risks to the enterprise. Through carelessly configured back-ups or file copies, personal content might accidentally end up on corporate file servers. Worse, personal files that contain malware might spread to business files and from the mobile device to internal file servers and other enterprise assets (Romer, 2014).
- New Forms off malware: Shows that New forms of malware targeting mobile devices are on the rise. IBM predicts that mobile malware will grow 15% annually for the next few years (Romer, 2014). Hackers and criminal syndicates realize that most mobile devices are less secure than more traditional devices such as laptops (Romer, 2014). They have begun targeting mobile devices for attacks ranging from mischievous pranks to advanced persistent threats that stealthily copy internal data over many months, transmitting it to remote control centers around the world (Romer, 2014).
- Phishing attacks that slip past network defenses – Shows that many employees routinely catch up on email and work during evenings and weekends, and when they do, they typically use smartphones or tablets (Romer, 2014). Realizing that most of these devices lack AV software and that most email and web traffic accessed remotely bypasses inspection by firewalls and gateways, attackers are now designing phishing attacks and other email exploits to be triggered during non-business hours (Romer, 2014).
- Lost Devices: Shows that on average, a cellphone is lost in the US every 3.5 seconds.1 Even if a lost smartphone or tablet does not contain confidential data, it still might include apps or cached credentials that make it easier for criminals to infiltrate an enterprise network (Romer, 2014). As workers begin carrying more devices, the likelihood of them losing devices only increases (Romer, 2014).
- Risky file sharing: shows that to ensure all their devices have the files they need, employees often try out one or more file-sharing services, including free but risky file-sharing apps that run on public clouds (Romer, 2014). Unfortunately, these services, though popular, are usually not secure enough to be trusted with enterprise data (Romer, 2014).
Conclusions with recommendations
Overall, this study shows that organizations should be concerned about the security state of endpoint devices and the risks to which they are exposed. In addition, key loggers, malware and cyber-attacks have greatly increased the potential for unauthorized access to, and information theft from, endpoints. Potential unintended consequences – such as data leakage and malware – reinforce the need to enhance the security of corporate data. In addition, to protect valuable information such as intellectual property, organizations need to make data security a top priority. To counter these sophisticated threats, organizations should employ a layered security strategy that provides necessary access to corporate information while minimizing risk and maintaining compliance (Privacy Right, 2013). When it comes to sensitive information, the focus must go beyond authorized and unauthorized users and extend data protection from storage through transport to delivery on the endpoint to prevent sensitive data loss (Privacy Right, 2013). Organizations also need to stop making a distinction between devices in the corporate network and devices outside of it, and focus instead on protecting their information (Privacy Right, 2013). They must compartmentalize access to sensitive information, employ better audit logging and log analysis, and deploy security solutions that are designed to support current BYOD strategies, such as those that can control the replication of data (Privacy Right, 2013). In conclusion, organizations must now readdress their corporate policies to ensure that their greatest asset information – is being safeguarded on these mobile devices that are outside of their direct control (Gatewood, 2012).
Singh, Niharika. “B.Y.O.D. Genie Is Out Of the Bottle – “Devil Or Angel”
Journal of Business Management & Social Sciences Research (JBM&SSR)
ISSN No: 2319-5614 Volume 1, No.3, December 2012
Bradley, Tony. “Pros and Cons of Bringing Your Own Device to Work.
” PCWorld. PCWorld, 21 Dec. 2011. Web. 17 Dec. 2016.
Privacy Right.” Bring Your Own Device (BYOD) . . . at Your Own Risk | Privacy Rights Clearinghouse.
Privacy Rights Clearinghouse, 1 Sept. 2013. Web. 17 Dec. 2016. <https://www.privacyrights.org/consumer-guides/bring-your-own-device-byod-your-own-risk>.
Network Security, 2012 (12), pp. 5-8.
Romer, Hormazd. “Best Practices for BYOD Security.”
Computer Fraud & Security 2014.1 (2014): 13-15. Web. 17 Dec. 2016.