Bring Your Own Device and Corporate Information Technology Security: Case of Firms Listed on the Nairobi Securities Exchange Limited

Abstract

Recent years have seen an explosion in consumer mobile computing devices and this has been accompanied by falling prices that make these mobile devices within easy reach of the common man. As a result, organizations that traditionally allowed access to corporate systems through fixed company owned computers are seeing increased numbers of employees purchasing their own mobile devices and demanding to have them enabled to access corporate resources. This is what Bring your own device (BYOD) is. The adoption of BYOD has raised concerns which organizations have to address. This study sought to find out the extent to which BYOD has been adopted in organizations, the accompanying benefits, the threats associated with BYOD, and the counter-measures that organizations have put in place. The study focused on all 61 organizations as listed on the Nairobi Securities Exchange Limited (NSE). A structured questionnaire was used to collect data from respondents within the selected organizations in charge of Information Technology. These respondents included IT managers, IT security managers and IT officers. The data collected was analyzed using frequency, percentages, means, standard deviation and factor analysis. The results were presented using tables and charts. The study revealed that over ninety percent of organizations in the NSE have allowed BYOD in one form or the other. It was also revealed that over half of all the companies studied allowed over 50% of the staff to use their own personal devices for work-related tasks. It was also found that most of the organizations were not ready for BYOD. Most did not have BYOD specific counter-measures in place and instead relied on old security infrastructures that may not be suitable for mobile devices. The top benefit that organizations experienced from adopting BYOD was that of having their employees work flexible hours. The study recommended that organization should address BYOD threats by developing proper policy and procedures, investing in training employees and adopting mobile device management solutions.