Bring your own device to work: How serious is the risk?

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Fenio Annansingh

Purpose Currently, one of the most significant challenges organizations face is that corporate data is being delivered to mobile devices that are not managed by the information technology department. This has security implications regarding knowledge leakage, data theft, and regulatory compliance. With these unmanaged devices, companies have less control and visibility, and fewer mitigation options when protecting against the risks of cyber-attacks. Therefore, the purpose of this study is to investigate how millennials' use of personal mobile devices for work contributes to increased exposure to cyber-attacks and, consequently, security and knowledge leakage risks. Design/methodology/approach This research used a mixed-method approach by using survey questionnaires to elicit the views of millennials regarding the cybersecurity risks associated with bring your own device policies and practices. Interviews were done with security personnel. Data analysis consisted of descriptive analysis and open coding. Findings The results indicate that millennials expect to have ready access to technology and social media at all times, irrespective of security and privacy concerns. Companies also need to improve and enforce bring your own device policies and practices to mitigate against knowledge leakage and security risks. Millennials increasingly see the use of personal devices as a right and not a convenience. They are expecting security measures to be more seamless within the full user experience. Originality/value This paper can help organizations and millennials to understand the security risks entering the workforce if the threats of using privately owned devices on the job are ignored and to improve organizational performance.

2015 ◽  
Vol 36 (7) ◽  
pp. 986-1011 ◽  
Author(s):  
Vinod Mishra ◽  
Russell Smyth

Purpose – The purpose of this paper is to examine the extent to which workplace policies and practices are related to participation in, and frequency and duration of, workplace training, controlling for worker and workplace characteristics. Design/methodology/approach – The authors regress variables depicting participation, frequency and duration of workplace training on workplace policies and control variables. In the case of participation in training, the dependent variable is binary; hence, the authors use a logit model. To examine the number of times which employees participate in training and the number of days they spend training the authors use a Tobit model. The Lewbel (2012) method is used to examine whether there is a causal relationship between workplace policies and the frequency, and duration, of training. Findings – The findings suggest that about half of the workplace policies considered are positively correlated with the incidence and breadth of workplace training. There is also some support for the view that bundling of policies is positively correlated with the provision of workplace training. The Lewbel (2012) results suggest a causal relationship between a bundle of workplace policies and the frequency, and duration, of workplace training. There is, however, no evidence that workplace policies designed to devolve responsibilities to workers and incentivize staff polarizes skills through resulting in more training for professional staff over others. Originality/value – The authors use matched employer and employee cross-sectional data for Shanghai in China. To this point most studies that have examined the determinants of training use data for Europe or the USA. There are few studies of this sort for countries in other regions and, in particular, developing or transition countries. 
There are no studies at all on the relationship between workplace policies and practices designed to promote organizational performance and training in developing or transitional countries. This study addresses this gap in the understanding of the factors related to on-the-job training in transitional countries, such as China.


Author(s):  
Michael Hölzl ◽  
Endalkachew Asnake ◽  
Rene Mayrhofer ◽  
Michael Roland

Purpose – The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. Design/methodology/approach – A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. Findings – To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. Originality/value – By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.


2020 ◽  
Vol 13 (1) ◽  
pp. 103-128 ◽  
Author(s):  
Shipra Pandey ◽  
Rajesh Kumar Singh ◽  
Angappa Gunasekaran ◽  
Anjali Kaushik

Purpose The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The information and communication technology of a firm, which enhances the efficiency and effectiveness in the SC, could simultaneously be the cause of vulnerabilities and exposure to security threats. Researchers have primarily focussed on the cyber-physical system (CPS) vulnerabilities impacting SC. This paper tries to categorize the cyber security risks occurring because of the SCs operating in CPS. Design/methodology/approach Based on the flow of information along the upstream and downstream SC, this paper tries to identify cyber security risks in the global SCs. It has further tried to categorize these cyber security risks from a strategic point of view. Findings This paper tries to identify the various cyber security risks and cyber-attacks in globalized SC for improving the performance. The 16 cyber security risks have been categorized into three categories, namely, supply risk, operational risk and demand risk. The paper proposes a framework consisting of different cyber-attacks across the information that flows in global SCs along with suitable mitigation strategies. Research limitations/implications The paper presents the conceptual model of cyber security risks and cyber-attacks in globalized SCs based on literature review and industry experts. Further validation and scale development of these risks can be done through empirical study. Practical implications This paper provides significant managerial insights by developing a framework for understanding the cyber security risks in terms of the drivers of these risks and how to deal with them. From a managerial perspective, this framework can be used as a decision-making process while considering different cyber security risks across the stages of globalized SCs.
Originality/value The major contribution of this study is the identification and categorization of cyber security risks across the global SCs in the digital age. Thus, this paper introduces a new phenomenon to the field of management that has the potential to investigate new areas of future research. Based on the categorization, the paper provides insights on how cyber security risks impact the continuity of SC operations.


2022 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Khutsafalo Kadimo ◽  
Athulang Mutshewa ◽  
Masego B. Kebaetse

Purpose Seeking to leverage on benefits of personal mobile device use, medical schools and healthcare facilities are increasingly embracing the use of personal mobile devices for medical education and healthcare delivery through bring-your-own-device (BYOD) policies. However, empirical research findings that could guide the development of BYOD policies are scarce. Available research is dominated by studies that were guided by technocentric approaches, hence seemingly overlooking the complexities of the interactions of actors in mobile device technologies implementation. The purpose of this study was to use the actor–network theory to explore the potential role of a BYOD policy at the University of Botswana’s Faculty of Medicine. Design/methodology/approach Purposive sampling was used to select the participants and interviews, focus group discussions, observations and document analysis were used to collect data. Data were collected from 27 participants and analysed using grounded theory techniques. Emerging themes were continually compared and contrasted with incoming data to create broad themes and sub-themes and to establish relationships or patterns from the data. Findings The results suggest that the potential roles for BYOD policy include promoting appropriate mobile device use, promoting equitable access to mobile devices and content, and integrating mobile devices into medical education, healthcare delivery and other institutional processes. Research limitations/implications BYOD policy could be conceptualized and researched as a “script” that binds actors/actants into a “network” of constituents (with shared interests) such as medical schools and healthcare facilities, mobile devices, internet/WiFi, computers, software, computer systems, medical students, clinical teachers or doctors, nurses, information technology technicians, patients, curriculum, information sources or content, classrooms, computer labs and infections. 
Practical implications BYOD is a policy that seeks to represent the interests (presents as a solution to their problems) of the key stakeholders such as medical schools, healthcare facilities and mobile device users. BYOD is introduced in medical schools and healthcare facilities to promote equitable access to mobile devices and content, appropriate mobile device use and ensure distribution of liability between the mobile device users and the institution and address the implication of mobile device use in teaching and learning. Originality/value The BYOD policy is a comprehensive solution that transcends other institutional policies and regulations to fully integrate mobile devices in medical education and healthcare delivery.


2014 ◽  
Vol 22 (1) ◽  
pp. 97-114 ◽  
Author(s):  
Mark A. Harris ◽  
Karen P. Patten

Purpose – This paper's purpose is to identify and accentuate the dilemma faced by small- to medium-sized enterprises (SMEs) who use mobile devices as part of their mobility business strategy. While large enterprises have the resources to implement emerging security recommendations for mobile devices, such as smartphones and tablets, SMEs often lack the IT resources and capabilities needed. The SME mobile device business dilemma is to invest in more expensive maximum security technologies, invest in less expensive minimum security technologies with increased risk, or postpone the business mobility strategy in order to protect enterprise and customer data and information. This paper investigates mobile device security and the implications of security recommendations for SMEs. Design/methodology/approach – This conceptual paper reviews mobile device security research, identifies increased security risks, and recommends security practices for SMEs. Findings – This paper identifies emerging mobile device security risks and provides a set of minimum mobile device security recommendations practical for SMEs. However, SMEs would still have increased security risks versus large enterprises who can implement maximum mobile device security recommendations. SMEs are faced with a dilemma: embrace the mobility business strategy and adopt and invest in the necessary security technology, implement minimum precautions with increased risk, or give up their mobility business strategy. Practical implications – This paper develops a practical list of minimum mobile device security recommendations for SMEs. It also increases the awareness of potential security risks for SMEs from mobile devices. Originality/value – This paper expands previous research investigating SME adoption of computers, broadband internet-based services, and Wi-Fi by adding mobile devices. 
It describes the SME competitive advantages from adopting mobile devices for enterprise business mobility, while accentuating the increased business risks and implications for SMEs.


2014 ◽  
Vol 6 (2) ◽  
pp. 73-78
Author(s):  
Sonia Chiasson ◽  
Heather Crawford ◽  
Serge Egelman ◽  
Pourang Irani

The Second Usable Privacy and Security for Mobile Devices Workshop (U-PriSM 2) was co-located with MobileHCI'13 in Munich, Germany. The U-PriSM 2 was an opportunity for researchers and practitioners to discuss research challenges and experiences around the usable privacy and security of mobile devices (smartphones and tablets). Security and privacy often involve having non-security experts, or even novice users, regularly making important decisions while their main focus is on other primary tasks. This is especially true for mobile devices where users can quickly and easily install apps, where user interfaces are minimal due to space constraints, and where users are often distracted by their environment. Likewise, mobile devices present unique privacy and security risks because they allow third-party applications access to personal information and sensor data. The amount and sensitivity of such personally identifying information is likely to increase as device functionality increases. The convergence of these factors means that improvements to security and privacy provisions on mobile devices are becoming increasingly important. Workshop participants had a chance to explore mobile device usage and the unique usable security and privacy challenges that arise, discuss proposed systems and ideas that address these needs, and work towards the development of design principles to inform future development in the area.


Author(s):  
Simon L Albrecht ◽  
Arnold B Bakker ◽  
Jamie A Gruman ◽  
William H Macey ◽  
Alan M Saks

Purpose – The purpose of this paper is to argue in support of a model that shows how four key HRM practices focused on engagement influence organizational climate, job demands and job resources, the psychological experiences of safety, meaningfulness and availability at work, employee engagement, and individual, group and organizational performance and competitive advantage. Design/methodology/approach – This conceptual review focuses on the research evidence showing interrelationships between organizational context factors, job factors, individual employee psychological and motivational factors, employee outcomes, organizational outcomes and competitive advantage. The proposed model integrates frameworks that have previously run independently in the HR and engagement literatures. Findings – The authors conclude that HRM practitioners need to move beyond the routine administration of annual engagement surveys and need to embed engagement in HRM policies and practices such as personnel selection, socialization, performance management, and training and development. Practical implications – The authors offer organizations clear guidelines for how HR practices (i.e. selection, socialization, performance management, training) can be used to facilitate and improve employee engagement and result in positive outcomes that will help organizations achieve a competitive advantage. Originality/value – The authors provide useful new insights for researchers and management professionals wishing to embed engagement within the fabric of HRM policies and practices and employee behaviour, and organizational outcomes.


Bring Your Own Device (BYOD) policy, which allows employees to use their own mobile devices for work and connection to their corporate network, is getting popular in enterprises. While companies want to improve the efficiency and productivity of employees, employees prefer to use their own devices at work, which make them feel more comfortable and free. Although BYOD seems attractive, companies and employees have some security concerns in various ways. The aim of this study is to explore employee and organization perspectives about BYOD. The empirical part of the research has two parts: qualitative and quantitative. Managers' opinions were determined through a series of interviews and then the findings were analyzed. In the quantitative part, a questionnaire was developed based on the literature review and qualitative findings. 12 interviews and 93 surveys were used in the analysis. It has been found that while organizations and employees perceive BYOD as having benefits in many ways, their security and privacy concerns are a strong barrier to the implementation of BYOD policy.


Author(s):  
Awad Saad Al-Qahtani ◽  
Mohammad Ayoub Khan

Internet of Things (IOT) users lack awareness of IOT security infrastructure to handle the risks, including threats, attacks and penetration, associated with its use. IOT devices are main targets for cyber-attacks due to variable personally identifiable information (PII) stored and transmitted in the cyber centers. The security risks of the Internet of Things aim to damage users' security and privacy. All information about users can be collected from their related objects which are stored in the system or transferred through mediums among diverse smart objects and may be exposed to dangerous attacks and threats if it lacks authentication, so there is an essential need to make IOT security requirements an important part of its efficient implementation. These requirements include availability, accountability, authentication, authorization, privacy and confidentiality, integrity and non-repudiation. The study design is a survey research to investigate the visibility of the proposed model of security management for IOT uses, the security risks of IOT devices, and the changes IOT technology on the IT infrastructure of IOT users through answering of the research questionnaires. This work proposes a model of security management for IOT to predict IOT security and privacy threats, protect IOT users from any unforeseen dangers, and determine the right security mechanisms and protocols for IOT security layers, as well as give the most convenient security mechanisms. Moreover, for enhancing the performance of IOT networks by selecting suitable security mechanisms for IOT layers to increase IOT users' security satisfaction.


2017 ◽  
Vol 25 (4) ◽  
pp. 475-492 ◽  
Author(s):  
Abubakar Garba Bello ◽  
David Murray ◽  
Jocelyn Armarego

Purpose This paper’s purpose is to provide a current best practice approach that can be used to identify and manage bring your own device (BYOD) security and privacy risks faced by organisations that use mobile devices as part of their business strategy. While BYOD deployment can provide work flexibility, boost employees’ productivity and be cost cutting for organisations, there are also many information security and privacy issues, with some widely recognised, and others less understood. This paper focuses on BYOD adoption, and its associated risks and mitigation strategies, investigating how both information security and privacy can be effectively achieved in BYOD environments. Design/methodology/approach This research paper used a qualitative research methodology, applying the case study approach to understand both organisational and employee views, thoughts, opinions and actions in BYOD environments. Findings This paper identifies and understands BYOD risks, threats and influences, and determines effective controls and procedures for managing organisational and personal information resources in BYOD. Research limitations/implications The scope of this paper is limited to the inquiry and findings from organisations operating in Australia. This paper also suggests key implications that lie within the ability of organisations to adequately develop and deploy successful BYOD management and practices. Originality/value This paper expands previous research investigating BYOD practices, and also provides a current best practice approach that can be used by organisations to systematically investigate and understand how to manage security and privacy risks in BYOD environments.

