Bring Your Own Device Adoption and Information Security Risks Among Small and Medium Enterprises in Nairobi County

Abstract

When it comes to raising capital and keeping up with technology, small and medium-sized businesses (SMEs) face numerous challenges. To address these challenges, they have resorted to allowing employees purchase and use personal devices at the workplace and this is what Bring Your Own Device (BYOD) entails. Although SMEs have been aggressive in BYOD adoption but forget to look at the security part of it. The purpose of the study was to examine the information security risks observed as a result of BYOD adoption among in SMEs in Nairobi County. The study employed a descriptive cross-sectional research approach. 43,539 registered and licensed SMEs in Nairobi County were the subject of the study and 196 of them were sampled. Using a structured a self-administered structured questionnaire, primary data was gathered. The questionnaire was administered to respondents that held positions that gave them intimate knowledge about the information technologies adopted by their respective organizations including owners, directors, IT administrators, program managers, heads of departments, and supervisors. Descriptive and inferential statistics were used to examine the data collected and tables and charts were used to report on the findings. The study revealed that SMEs in Nairobi County have in some way permitted BYOD. It also revealed that there is little if any correlation between the extent of BYOD adoption and application in communication, research, data management and storage, and in networking and information security risks. The study recommended the sensitization of the top top-level management on the phenomenon to appreciate it as a formal concept and fully understand the risks it poses before adoption and the inclusion of training and awareness programs on the same.