1. Executive Summary
BYOD is one of the trends that organizations are being forced to contend with. BYOD, or Bring Your Own Device, is an approach that allows employees to bring their own computing devices, such as smartphones and laptops, to work and to connect them to the corporate network instead of using devices provided by the organization. The research states that employees are more familiar with their own devices, so BYOD is a good option for them and for the organization as well, since employers save a lot of money with this approach: they need not invest in high-priced devices and data plans. It is recommended that employees be given only limited access from their personal devices and that those devices be password protected. It is also recommended that organizations use an end node control approach, under which an employee who has left the organization is removed from the organizational network. Employees should also be given the best possible training in using BYOD technology effectively.
This report analyses the BYOD approach, which allows the employees of an organization to use their personal devices so that they can work more comfortably within the organization. The approach brings various benefits as well as negative aspects, both of which are discussed in this report. The report carries out a risk assessment of the BYOD approach, identifies the key threat agents responsible, and describes how those risks can be mitigated. The required recommendations are also provided.
3. Risk assessment
A detailed investigation was conducted to assess the risks associated with the use and implementation of BYOD technology. The results of the investigation are shown in the following figure:
Figure: Risk assessment for the use and implementation of BYOD technology
The above figure shows that mobile data security, data breach security and mobile application security are the major concerns associated with the use and implementation of BYOD technology. The other risks are integration with back-end corporate systems, executive sponsorship, country-specific regulations, ROI for BYOD, training cost, expenses for implementing the corresponding applications, and controlling employee use of mobile apps.
4. Threats to BYOD implementation
The following section discusses the threats, and the corresponding threat agents, related to the use and implementation of BYOD technology:
Threats from employees: Threats posed by the organization’s own employees are considered internal threats. The main ones are listed below:
- Password maintenance: Weak passwords used by employees are a direct invitation to hackers or attackers on the network.
- Accidental or intentional data leakage: Internal data, or the data on the BYOD device, might be leaked because of inappropriate security policies and passwords, or by ex-employees of the organization (due to personal grudges).
Threats from hackers: Hackers can affect the personal and highly sensitive data of the organization’s employees in the following ways, for financial gain or for hacktivism:
- Reply attacks: Hackers can send back-to-back message requests to employees who are using their personal devices at the workplace, which slows down the performance of the computer system or device they are using.
- Injecting malware: Hackers can inject malicious code into employees’ personal devices to gain unauthorized access, through which they can compromise all the data that resides on those devices.
5. Main Vulnerabilities related with BYOD implementation
- Employees are allowed to use their personal devices at the workplace, and while doing so they sometimes download malicious code and files from the internet, which directly and negatively affects the organization’s important data.
- Each device used by employees under the BYOD approach has different requirements depending on its infrastructure and operating system, so it becomes hard for the organization to analyze and manage the requirements of each employee’s device.
- Carelessness on the part of employees is another vulnerability that affects the adoption and implementation of the Bring Your Own Device approach at the workplace.
As a result of the threats associated with using BYOD at the workplace, the organization’s sensitive and highly confidential data is negatively affected and the business formula is leaked to competing firms and organizations in the market. Hackers can use various illegal tactics to damage the personal as well as official data of the organization’s employees.
6. What could be done to mitigate the risks and their impact upon the system
- Limit the supported platforms so that employees cannot use an unsupported platform.
- Personal devices used by employees should be properly registered with the organization’s network so that it becomes easy for the organization to manage the authenticated users and devices on that network.
- The organization should redefine its support policy and audit its network to address and resolve network vulnerabilities.
- The password policy should be strengthened and network security tightened so that hackers and attackers on the network cannot take advantage of any weakness.
- Employees should be offered proper training sessions in which they are made aware of the various aspects of using and implementing BYOD at the workplace.
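The technical mitigations above (supported-platform limits, device registration, password protection) and the end node control recommendation from the executive summary can be combined into a single network admission decision. The sketch below is an added example, not part of the original report; the device records, platform minimums and names such as `admit` are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed policy: supported platform -> minimum major OS version (constructed values).
SUPPORTED_PLATFORMS = {"android": 13, "ios": 16}

@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str
    platform: str
    os_major: int
    passcode_set: bool

def admit(device, registry, active_employees):
    """Return (allowed, reasons). All failed checks are reported together;
    any single failure denies access to the organizational network."""
    reasons = []
    registered_owner = registry.get(device.device_id)
    if registered_owner is None:
        reasons.append("device not registered")
    elif registered_owner != device.owner:
        reasons.append("device registered to a different owner")
    # End node control: staff who have left lose access even if the
    # device is still present in the registry.
    if device.owner not in active_employees:
        reasons.append("owner is not an active employee")
    minimum = SUPPORTED_PLATFORMS.get(device.platform.lower())
    if minimum is None:
        reasons.append("unsupported platform")
    elif device.os_major < minimum:
        reasons.append("OS version below supported minimum")
    if not device.passcode_set:
        reasons.append("device is not password protected")
    return (not reasons, reasons)

# Constructed sample data: registry maps device id -> registered owner.
REGISTRY = {"dev-001": "alice", "dev-002": "bob", "dev-003": "carol"}
ACTIVE = {"alice", "carol"}  # bob has left the organization

SAMPLES = [
    Device("dev-001", "alice", "iOS", 17, True),             # compliant
    Device("dev-002", "bob", "Android", 14, True),           # ex-employee
    Device("dev-003", "carol", "Windows Phone", 8, False),   # unsupported, no passcode
    Device("dev-999", "alice", "Android", 12, True),         # unregistered, old OS
]

if __name__ == "__main__":
    for d in SAMPLES:
        allowed, why = admit(d, REGISTRY, ACTIVE)
        print(d.device_id, "ALLOW" if allowed else "DENY", "; ".join(why))
```

The check only enforces policy if the active-employee set is fed from the HR or identity system at the time of departure; a registry that is never pruned is exactly the gap end node control is meant to close.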
7. Summary of protection mechanisms that could be employed for information security
BYOD is one of the best approaches an organization can use to let its employees work more confidently with their own devices at the workplace. The BYOD approach provides a user-friendly environment, but along with its advantages it also brings various threats, challenges and issues that need to be identified and resolved. One researcher states that social engineering attacks are one of the foremost threats to the BYOD approach, and that they can be mitigated with a proper encryption approach. Insider threats can be resolved with a strong password policy and by training staff members accordingly. Another researcher states that, to manage network security threats, the organization should use a strong firewall system and an intrusion detection system.
The above report states that BYOD not only offers various features and functionalities but is also the core reason for various data security threats, such as Reply attacks, malware injection, weak passwords, and accidental or intentional data leakage. All these threats can be resolved effectively by limiting the supported platforms so that employees cannot use an unsupported platform. It is recommended that employees be offered proper training sessions in which they are made aware of the various aspects of using and implementing BYOD at the workplace.