Bring-Your-Own-Device (BYOD): An Evaluation of Associated Risks to Corporate Information Security

Abstract: This study evaluates the cyber-risks to Business Information Assets posed by the adoption of Bring-Your-Own-Device (BYOD) to the workplace. BYOD is an emerging trend where employees bring and use personal computing devices on the companys network to access applications and sensitive data like emails, calendar and scheduling applications, documents, etc. Employees are captivated by BYOD because they can have access to private items as well as perform certain job functions while being unrestricted to their desks. This is however usually done on the blind side of management or the system administrator; a situation that tends to expose vital and sensitive corporate information to various threats like unwanted network traffic, unknown applications, malwares, and viruses. Expert opinions were elicited in this exploratory study. The study evaluated the characteristics of BYOD, assessed associated risks, threats and vulnerabilities. The findings indicate that little or no security measures were instituted to mitigate risks associated with BYOD. Though, profound benefits abound with BYOD adoption, they could be eroded by security threats and costs of mitigation in curing breaches. The most significant risk was found to be Data Loss which was in consonance with similar studies on Smartphone security risks. Some mitigation measures are then recommended.