ENSURING THE INFORMATION SECURITY OF THE ORGANIZATION WHEN IMPLEMENTING THE BYOD CONCEPT
DOI:
https://doi.org/10.18372/2225-5036.30.18574Keywords:
information security, the Bring Your Own Device (BYOD) concept, information protection, Network Access Control (NAC), Mobile Device Management (MDM), Data Leak Prevention (DLP)Abstract
The BYOD concept involves the use of personal electronic devices (laptops, tablets, smartphones) by employees of the organization for official purposes. The idea of such a concept appeared in the mid-2000s, but only recently it gained popularity. The reason for this is the growing dependence of business processes on services located on the Internet, advances in mobile device production, expanding devices' capabilities and increasing productivity, as well as the development of network technologies and cloud storage. Like any concept, BYOD has its advantages and disadvantages. The positive aspects of this approach to the organization of the work process include, in particular, convenience for the user and the possibility of remote work, which allows organizations to use the working time of employees more efficiently, increase the efficiency of solving various tasks and thus achieve an increase in labor productivity. The main problem associated with the implementation of the BYOD concept is ensuring the security of the organization's information system. The more freedom employees using personal devices have to interact with an organization's network, the more potential damage they can cause to it. The article examines information security threats associated with the use of BYOD and gives recommendations on reducing their negative impact on the organization. In particular, it is suggested to use NAC to manage network access; install MDM to manage the security of mobile devices; implement DLP to protect against information leaks; use reliable passwords with regular updates to prevent unauthorized access; install organization-approved anti-virus software on employee-owned devices; perform data encryption; set restrictions on downloading and installing programs; implement a comprehensive IT policy.
References
2021 BYOD Security Report. URL: https://pages.bitglass.com/rs/418-ZAL-815/images/CDFY21Q2-BYOD2021.pdf.
Howarth J. 24+ Fascinating BYOD Statistics (2024). URL: https: // explodingtopics.com/blog/byod-stats.
Global BYOD and Enterprise Mobility Market. Global Strategic Business Report. URL: https://www.researchandmarkets.com/reports/4804695/byod-and-enterprise-mobility-global-strategic.
Юстус М. (2020). Як керувати пристроями співробітника, що працює віддалено. URL: https:// ko.com.ua/kak_upravlyat_ustrojstvami_sotrudnika_ra-botayushhego_udalenno_132967.
Employees Say Smartphones Boost Productivity by 34 Percent: Frost & Sullivan Research. URL: https: // insights. samsung. com / 2016 / 08 / 03 / employees-say-smartphones-boost-productivity-by-34-percent-frost-sullivan-researc.
Принеси власний пристрій: заходи безпеки при використанні особистих пристроїв на роботі. URL: https: // www.kingston.com / ua/blog/data-security/bring-your-own-device-workplace-security.
Збільшення випадків втрати пристроїв на 25% вказує на ризик для мандрівників. URL: https: //www.kingston.com/ua/blog/data-security/commu-ters-lost-devices-security-threat.
Donovan, F. (2014). Employees Fail to Take Basic Steps to Secure BYOD Devices, Data, Fierce Mobile IT, 9, 1.
Cappelli, D., Moore, A., & Trzeciak, R. (2012). The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Upper Saddle River, NJ Addison-Wesley.
Dong, Y., Mao, J., Guan, H., Li, J., & Chen, Y. (2015). A Virtualization Solution for BYOD with Dynamic Platform Context Switching, IEEE Micro, 35(1), pp. 34-43. https://doi.org/10.1109/MM.2015.3.
Miller, K.W., Voas, J., & Hurlburt, G.F. (2012). BYOD: Security and Privacy Considerations, IT Professional, 14(5), pp. 53-55. https://doi.org/10.1109/MITP. 2012.93.
Wang, Y., Wei, J., & Vangury, K. (2014). Bring Your Own Device Security Issues and Challenges, 11th Consumer Communications and Networking Conf (CCNC), 2014 IEEE, pp. 80-85. https://doi.org/10.1109/ CCNC.2014.6866552.
Vishal, G., Deepak, S., & Lovekesh, D. (2013). An Approach to Implement Bring Your Own Device (BYOD) Securely, International Journal of Engineering Innovations and Research, 2(2), pp. 154-156.
Souppaya, M., & Kent, K.A. (2012). Guidelines for Managing and Securing Mobile Devices in the Enterprise: Recommendations of the National Institute of Standards and Technology. US Department of Commerce, National Institute of Standards and Technology. https://csrc.nist.rip/library/alt-SP800-124r1.pdf.
Ketel, M., & Shumate, T. (2015). Bring Your Own Device: Security Technologies, SoutheastCon, pp. 1-7. https://doi.org/10.1109/SECON.2015.7132981.
2023 Data Breach Investigations Report. URL: https://www.verizon.com/business/resources/reports /dbir/.
Kukharska, N., & Lagun, A. (2023). Human recourses management as a component of organization information security. Electronic Professional Scientific Edition “Cybersecurity: Education, Science, Technique”, (20), pp. 35-44.