Bring your own device to work: how serious is the risk?

Abstract

Purpose Currently, one of the most significant challenges organizations face is that corporate data is being delivered to mobile devices that are not managed by the information technology department. This has security implications regarding knowledge leakage, data theft, and regulatory compliance. With these unmanaged devices, companies have less control and visibility, and fewer mitigation options when protecting against the risks of cyber-attacks. Therefore, the purpose of this study is to investigate how millennials' use of personal mobile devices for work contributes to increased exposure to cyber-attacks and, consequently, security and knowledge leakage risks. Design/methodology/approach This research used a mixed-method approach by using survey questionnaires to elicit the views of millennials regarding the cybersecurity risks associated with bring your own device policies and practices. Interviews were done with security personnel. Data analysis consisted of descriptive analysis and open coding. Findings The results indicate that millennials expect to have ready access to technology and social media at all times, irrespective of security and privacy concerns. Companies also need to improve and enforce bring your own device policies and practices to mitigate against knowledge leakage and security risks. Millennials increasingly see the use of personal devices as a right and not a convenience. They are expecting security measures to be more seamless within the full user experience. Originality/value This paper can help organizations and millennials to understand the security risks entering the workforce if the threats of using privately owned devices on the job are ignored and to improve organizational performance.