Bring your own (security) disaster
Bring your own device (BYOD) to work is common practice these days. Almost everyone has a smart or a tablet and in many office and other jobs, using the device makes workers more effective and more efficient in their work (games and personal social media aside, perhaps). A new study in the International Journal of Teaching and Case Studies suggests, however, that most company IT security managers would prefer employees not to BYOD.
Khaled Zayed of the International School of Management in New York, USA and also Paris, France, reiterates the security and safety concerns that surround BYOD and has carried out a qualitative case study of information technology security managers to determine the industry perspective on BYOD.
"IT is critical in our modern world for doing business and communicating with others," explains Zayed, "Businesses, governments, and individuals rely on internet-enabled technology to achieve this, using mobile devices, e-mails, and social media, and companies around the world conduct business using local and wide area networks and virtual private networks." The social networking servers, process virtualization, and cloud computing present both opportunities for rapid innovation as well as risks to proprietary information, trade secrets and intellectual property, especially when those workers with access to sensitive data use their own devices.
There are security concerns for any networked data and system, viruses and other malware, phishing and hacking attacks, identity theft, data leaks, corporate espionage, denial of service attacks, and of course social engineering and confidence tricks. It has been said many times before that companies must establish strict policies to address the risks, as employees using IT at work and in particular in the context of BYOD are wholly unaware of the risks. If they are aware of the risks they are not necessarily aware of ways to mitigate those risks or how to address problems that arise if their or the company IT systems are compromised.
Zayed, K. (2016) 'Information security awareness: managing web, mobile and endpoint security; overcoming the challenges of bring your own device', Int. J. Teaching and Case Studies, Vol. 7, Nos. 3/4, pp.271-288.