An exploration of how BYOD (Bring Your Own Device) user behavior impacts on an organization’s information security: A case study of Madison Insurance Company Kenya Limited
Abstract
This research explores how BYOD (Bring Your Own Device) user behavior impacts on an
organization’s information security, a case study of Madison Insurance Company Kenya Limited
(MICK). An empirical survey, using two (2) different sets of self administered questionnaires was
conducted to achieve this purpose; the random sample questionnaire (hand-delivered) and the expert
sample questionnaire (through email).
Every MICK branch approximately has four (4) units, making a total of eighty-four (84) units. The
researcher randomly singled out four (4) employees per a branch to create a total of eighty-four (84)
respondents who gave their feedback through questionnaires. The rationale behind this choice was to
have representation from each and every MICK branch.
The expert sample respondents were specific because the survey inquiry required those with
specialized knowledge to give their opinions. As such, the sample identified for this purpose
comprised entirely of the ICT department staff.
The results of this research revealed that majority of the BYOD users do actually engage in certain
behaviors that put informational assets in portable devices (BYODs) at risk. However, the level of
risky behavior was not found to be as high as anticipated. More so, a commendable degree of user
knowledge on information security existed and consequently the threats/vulnerabilities posed to the
company were found to be considerably low. It was however inferred that a high likelihood of an
influx of user owned devices into the work place was greatly probable hence a foreseeable growth in
data and information security threats.
This research’s results thus enable MICK to better understand the dynamics of user behavior and
hence aid in facilitation and implementation of BYOD policies that factor-in these behaviors and
consequently foster a safer and more secure BYOD ICT environment. The adoption of a befitting
BYOD model for the company was thus recommended since the environment at MICK was deemed
ripe for such.
In order to achieve this, the optimized hybrid conceptual framework for BYOD adoption in particular
was developed as a model befittingthe MICK BYOD scenario. The attractiveness of this model and its
agreeability with the study findings was its flexibility and the fact that it took into consideration the
underlying organizational infrastructure. Therefore, its implementation will have positive implications
on the MICK’s BYOD policy formulation moving forward.
Publisher
University of Nairobi