Security Threats Related to BYOD Devices and Effective Countermeasures

Verified

Added on 2021/05/30

AI Summary

This report provides a comprehensive overview of the security threats associated with Bring Your Own Device (BYOD) policies in the workplace. It explores various risks, including device theft, data leakage, and network security vulnerabilities. The report delves into the benefits of BYOD, such as increased employee productivity and cost savings, while also highlighting critical considerations for creating a robust BYOD policy. It discusses real-world examples, such as the implementation of BYOD in a medical office, and examines the IBM MobileFirst platform as a solution to mitigate risks. The report also provides a critical evaluation of BYOD, weighing the advantages against the security concerns, and recommends strategies like cloud technology and mobile application software to manage and reduce risks. Ultimately, the report concludes that BYOD is inevitable, and that its successful implementation depends on balancing the benefits with effective security measures and policies.

Security threats related to BYOD devices and countermeasures
Student’s name
Institution Affiliation(s)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Overview of BYOD technology
There are many things to think about when it comes to bringing your own device
to work, whether you are the employee or the company or business doing the employing.
There are specific benefits to allowing the Bring Your Own Device (BYOD) trend into a
business or workplace, but there are also some risks. The BYOD trend is one being
debated in industries from an IT security standpoint. One thing to consider is that
employees are always seeking new ways to get their work done more efficiently, and a lot
of them are using their devices to fill a gap in the productivity offered by existing
technology in their workplace. So what exactly are the things to consider? What are the
significant risks and benefits of implementing a BYOD policy?
Benefits of BYOD
The benefits of Bring Your Own Device (BYOD) in the workplace are plentiful.
BYOD can enhance a user’s ability to complete a large volume of work at any time due
to the existence of a present and available device to handle their workload. The fact that
users can use their own devices means that each user may complete their work in the
comfort of their own virtual workspace (Annibali, 2015). Some users may be accustomed
to using a specific application that may play to their particular strengths and can complete
their work in promptly due to these circumstances. With newer emerging technology and
a younger generation of tech workers getting hired at larger organisations, the ability to
work flexibly has become a hot commodity, and BYOD can alleviate some of the issues
involved with being tethered to the office.

When considering a BYOD policy, a company is likely to focus on the
relationship between the risks and benefits of doing so. The goal of any workplace is
usually to keep cost down when it comes to how to get work done and to keep employees
happy and productive. So what are the benefits of BYOD? One of the most significant
advantages to consider is the fact that it could potentially save the company money
(Ballard, 2012). As suggested in the article on the IBM MobileFirst website, when
employees use their own devices for work, it could save the company money because the
employee has a device that they have personally purchased. The company, therefore,
doesn’t have to shell out money to cover that device. This could also boost employee
satisfaction since they are using a mobile device or laptop that they are comfortable with
and know how to use.
It also saves them from having to carry around multiple mobile phones, like a
personal cell phone and a business cell phone, which can get annoying to manage.
Enabling employees to use their own devices could also result in more productivity. This
would be because they are using devices they are already familiar with, so time and
money are saved on training an employee on how to use individual systems. A BYOD
Policy can mitigate these types of things, ensuring that costs are kept lower and more
manageable and that employees are happier with the options they have in completing
work (Cavoukian, Information and Privacy Commissioner/Ontario, & TELUS
Corporation, 2014).

Security threats of BYOD
There are risks to consider though, and they are essential things to think about.
One significant threat to think about is how to control and protect sensitive information.
Allowing employees to use their own devices makes this task more difficult, but not
impossible. In fact, (Hayes & Kotwica, 2013) thinks that BYOD is inevitable. He
believes that the IT security side of BYOD is critical, but that companies and their IT
departments need to address this issue and move on. (Kohne, Ringleb, & Yücel, 2015)
wrote an article in which he identifies the top three risks of BYOD.
The first risk he identifies is the theft of the device, noting that device loss
statistics are high and theft statistics are even higher, with 1.4 million losses in 2013 and
3.1 million robberies in 2013.
The second risk he identified is data leaks, noting that personal devices might be
more accessible to be hacked into and that most people do not even take primary
measures to protect their mobile devices or the data they keep on them.
The third risk he identified is network security. This is the major one that comes
to mind the most. One way to manage the risk of data leakage is to encrypt the data on
the device using the cloud. Data breaches are somewhat inevitable in a BYOD business
modelled company so encoding the data will present some challenges to potential hackers
as they cannot access the data to impose their malicious will (Martinez, Courtney,
University of Victoria (B.C.), & University of Victoria (B.C.), 2014).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Organizations can maintain access to these devices using an app that can give
access to the business network securely and can revoke access to the system or
completely wipe a device if the device has been compromised physically. Users would
need to sign an agreement or policy stating that the organisation has the right to do so to
protect the integrity of the company as well as the company’s data in the event of a stolen
device or a malicious cyber-attack.
Things to Consider in a BYOD Policy
One of the most important things to consider from an IT security standpoint
would be in how to keep sensitive information and privacy kept protected and maintained
(Redmon, 2014). The company would have to figure out how to create and implement
security procedures that address these concerns, as well as some others mentioned by
Redmon. Some of these things include how to secure data, how to apply IT support for
the devices, how to develop and integrate a communication policy in accordance with a
BYOD Policy, how to provide a data plan to accommodate these devices and allow users
to work on a network, how to control access to certain applications, data recovery/lost or
stolen devices, among other things. It might be beneficial to implement a BYOD Policy,
but that does not necessarily mean that it is an easy task.
How is BYOD Working in the Real World?
A real-world example of Bring Your Own Device thriving in the workplace
happens to be at my fiancée’s job. She is a supervisor for an OB/GYN office in our area
and with the recent implementation of BYOD for the Providers. Each doctor was given a
Microsoft Surface Pro that they could sling over their shoulder and use throughout the

day instead of the traditional desktop machine in each patient’s room (Rogers, 2016). The
doctors can then use these devices as they meet with each patient and take in information
such as height, weight, and other information and they can also connect to the intranet for
medical diagnoses. This network and the device can be used to reach out to other medical
professionals for advice or opinions. The devices were connected to a cloud network
within the practice that keeps patient records, charts, etc. stored in the database. The
database is managed by an IT team led by a database administrator within the hospital to
protect patient records from being compromised. If this data is stolen, it could violate
federal HIPAA laws, so the information is encrypted to manage the risks associated with
the BYOD business model (Schad, 2014).
Apple and IBM have teamed up to create what is called IBM MobileFirst
platform. It is what Apple Inc. labels a new generation of applications or apps, which will
connect users to data on their own devices and create a more efficient workplace because
they will be able to access the data and analytics anywhere they are. There are several
apps in IBM MobileFirst that will be used for specific tasks, but that is predicted to
change the way that process is carried out. The apps are customizable to a user’s data
ecosystem, company branding, business process, among other things. These apps are
designed to learn how users implement them and adapt to what types of information is
needed and what functions to make available.
Critical evaluation of BYOD
To me bring your own device is fading out due to security issues. I have never
seen that as an advantage for any company. Even though I have my own views on

BYOD, it still grows in some companies, and like anything using this way has its
advantages. One example of these advantages is increased worker satisfaction. This
means the workers are usually more satisfied and comfortable with using their own
devices. Saving money, of course, is another advantage towards BYOD. Training cost for
how to use the device would not be required, and supplying the device would be obsolete
also. I too believe productivity would be enhanced due to the know-how of the device. So
if employees are already familiar with the device, they will feel more comfortable when
their different fulfilling tasks. To sum this up when employees feel comfortable and
confident the job will be done faster and more efficiently so overall BYOD will help
enhance employee performance (Schad, 2014). As good as the benefits sound when
anything from a business such a device is taken home risks become greater. Think if an
employee left their phone in a taxicab or a friend gets it and accesses accounts of credit
card information from customers. Before making a big decision such as BYOD, it is
useful first to weigh your options.
We also must remember we forget as humans a lot. Employees can leave data
exposed for hackers and forget to apply software security updates. Even businesses have
no control over software coding errors in third-party apps running on the employee’s
device. The primary objective is to keep our customer’s information and the company’s
information as safe as possible. Depending on the position some employees don’t have
enough care for the company as they should. I would recommend cloud technology to
manage BYOD (Annibali, 2015).
Cloud technology allows employees to transfer information through a safe,
organised platform. Using cloud keeps employees from overhauling their entire IT

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

infrastructure. Mobile application software is another way to manage and reduce risks
towards BYOD. Malware is a favourite way for cybercriminals to steal information. With
mobile app software, IT workers can control which apps can be installed on their devices.
Even though I might have feelings about this method being unsafe, it has been proven to
work in individual companies. Intel, for example, is one of those successful companies
that implement this method. Over 30,000 employees use this method in this company
(Wu, 2014).
Intel also allows employees to choose what level of access they receive. These
practices seem to work inside this company surprisingly. It impresses that a company that
big still has the respect of its employees no to try anything malicious towards the
company. Many other companies such as Blackstone and SAP are very successful with
using this method. I first had doubts about using this method due to the risks of
untrustworthy employees. As I read through, I see that there are ways to implement this
method and still maintain a thorough and secure company. I too would use the technique
but increase the punishment of betraying the company (Hayes & Kotwica, 2013).
Running a company, I think employees being comfortable is one of the primary keys to
starting a successful business.
Conclusion
With all of these things considered, it seems BYOD is in fact inevitable. It
certainly looks as though the benefits outweigh the risks, especially when taking into
consideration the IBM MobileFirst platform and all that it offers. This platform provides
real solutions to the risks and benefits people worry about when deciding whether or not

to adopt a BYOD Policy. If I had to choose whether or not to implement BYOD in an
organisation, I would consider it. I believe the increase in productivity associated with
BYOD within a business far outweighs the risks as the risks can be managed efficiently,
and data can be secured. Security policies are there for a reason and being as though
BYOD will be the new trend in organisations shortly it would be beneficial for
information security professionals to analyse the latest trends and create new policies to
protect the integrity the organisation and its reputation.

References
Annibali, J. A. (2015). Reclaim your brain: How to calm your thoughts, heal your mind,
and bring your life back under control.
Ballard, M. (2012). Bring your own device - Unabridged Guide. Dayboro: Emereo
Publishing.
Cavoukian, A., Information and Privacy Commissioner/Ontario,, & TELUS
Corporation. (2014). BYOD: (bring your own device): Is your organization
ready?
Hayes, B. E., & Kotwica, K. (2013). Bring your own device (BYOD) to work: Trend
report. Oxford: Elsevier.
Kohne, A., Ringleb, S., & Yücel, C. (2015). Bring Your Own Device. Bring your own
Device, 7-23. doi:10.1007/978-3-658-03717-8_2
Martinez, K., Courtney, K. L., University of Victoria (B.C.), & University of Victoria
(B.C.). (2014). Bring Your Own Device and Nurse Executives Decision Making:
A Qualitative Description.
Redmon, K. (2014). Cisco bring your own device (BYOD) networking. Place of
publication not identified: Cisco Press.
Rogers, K. D. (2016). Bring your own device: Engaging students & transforming
instruction.
Schad, L. (2014). Bring your own learning: Transform instruction with any device.
Wu, S. S. (2014). A legal guide to enterprise mobile device management: Managing
bring your own device (BYOD) and employer-issued device programs.