UCS422 _CASE Study_CYBER Security for Non Computing Science PDF

Preview

Summary

UCS422 – CYBERSECURITY FOR NON-COMPUTINGSCIENCESTITLE: BRING YOUR OWN DEVICE (BYOD) POLICY(CASE STUDY)PREPARED FOR:MADAM NORKHUSHAINI AWANGPREPARED BY:NURUL HANISAH BINTI MD KASBULLAH2019814366NBF09BDATE OF SUBMISSION:21 ST NOVEMBER 2021TABLE OF CONTENTABSTRACT..........................................

Description

UCS422 – CYBERSECURITY FOR NON-COMPUTING SCIENCES

TITLE: BRING YOUR OWN DEVICE (BYOD) POLICY (CASE STUDY)

PREPARED FOR: MADAM NORKHUSHAINI AWANG

PREPARED BY: NURUL HANISAH BINTI MD KASBULLAH 2019814366 NBF09B

DATE OF SUBMISSION: 21ST NOVEMBER 2021

TABLE OF CONTENT ABSTRACT………………………………………………………………………… .…1 INTRODUCTION…………………………………………………………………….…1 1.1

Advantages of BYOD for Employees……………………………………. ..2

1.2

Disadvantages of BYOD for Employees………………………………… ..3

1.3

Advantages of BYOD for organizations………………………………… ...3

1.4

Disadvantages of BYOD for organizations…………………………….….4

SUMMARY……………………………………………………………………………..5-6 CONCLUSION………………………………………………………………………..….7 REFERENCE………………………………………………………………………….….8

ABSTRACT Bring Your Own Device (BYOD) policies are becoming increasingly widespread in organizations, allowing employees to use their personal mobile devices for work and connect to the company network. Workers like to use their own gadgets and devices at work since it makes them more enjoyable and liberating. While corporations need to improve employee effectiveness and efficiency, employees prefer to use their own devices at work, making them more acceptable and easier to use. If Bring Your Own Device (BYOD) is implemented, the benefits of this shift in business technology will surpass any potential issues for the firm. BYOD is a nightmare in the making for many IT administrators. Data security, policy, data loss, and network congestion all spell disaster. The goal of this case study is to demonstrate the ability to investigate of security management issues in corporate organizations based on the background information provided and explore individual and organizational perspectives.

INTRODUCTION Since the beginning of the cutting-edge period, corporate firms have devoted sections of their financial plan to providing their employees with the gadgets important to finish their tasks. Due to the necessity for rapid and simple access to information, mobile devices have become increasingly important in people's lives. The usage of mobile devices for work is growing increasingly common since life cannot be imagined without them. Wireless technology, many types of apps, simple access, and connectivity are just a few of the characteristics available on mobile devices. Bring your own device for the most part include representatives providing their own telephones, tablets, and PCs for work purposes. Employees often want to use a single device for both private and business applications, which might be a good option. As a result, "Bring Your Own Device," or BYOD, happens, in which workers utilize their personal devices for workrelated purposes. Employees may access business resources such as email, file servers, and databases using their own devices. It is a highly problematic issue in terms of administration, technological problems, and security. There are many pros and cons when looking at the permission granted to employees who use their personal devices for work. The advantages and disadvantages are mostly determined by the workplace. Bringing your own device (BYOD) to work is a moot point - will BYOD become the new normal? Not necessarily. Half of the companies believe BYOD is a growing problem for their organizations, multiple studies show that while BYOD can improve job satisfaction and employee productivity, it can also create problems if left unattended as expected. Supporting personal devices is more difficult than supporting company-supplied devices, the cost of managing mobile devices can increase, and securing corporate data and networks becomes more difficult. 1

1.1

Advantages of BYOD for employees

Allowing employees to bring and use personal gadgets to work has certain risks, but it also provides some substantial benefits. Work equipment for employees should be simple to use so that they do not lose motivation. When employees use their preferred and well-known workplace equipment, they are substantially happier. When one's degree of enjoyment grows, so do one's work efficiency and performance. Profits are also increased because of this. Furthermore, because they can easily interact and exchange ideas at any time and from any location, employees might become more imaginative (Waterfill & Dilworth, 2014). Effectiveness and comfort: Employees will feel more at ease at work if they can access the corporate network from anywhere and at any time without the need for additional devices or connections. While working on their own gadgets after hours, they do not consider this to be additional labor. Employees may not spend the entire day in the workplace, and if they leave earlier, they may work where they are most comfortable. Managers cherish the opportunity to force their employees to work longer hours (Madzima, Moyo & Abdullah, 2014). Employees commonly complain about company-owned mobile devices, which are generally obsolete technological gadgets, due to budgetary concerns. It takes a long time for firms to replace outdated electronics with newer, higher-tech gear. Employees select BYOD because they do not want to deal with problems connected with old workplace computer equipment (Madzima et al., 2014). Employees work more efficiently since they can use their devices more comfortably and connect to their work environment at any time.

2

1.2

Disadvantages of BYOD for employees

While bringing your own device provides workers a sense of freedom and flexibility in terms of how, when, and when they may get the job done, it also puts employees under pressure since they are continuously available and responsive to workplace demands. As a result of BYOD, users incur stress and pressure. Privacy concerns: Because BYOD devices are used for both personal and business purposes, tight organizational restrictions may be implemented to limit employee behavior on their device. Users have little control over the apps that are downloaded and installed (Jaramillo, Ackerbauer, & Woodburn, 2014). They are also concerned about the confidentiality of their data, as the firm has access to all of their personal information in order to remotely control the device. Users are annoyed by the company's ability to infiltrate their personal space (Wang, Wei & Vango, 2014). The department of Information Technology (IT) is in charge of dealing with security and management challenges. Security solutions are critical for securing company data. Consumers may be concerned about their security as a result of organizational risk security solutions. The Mobile Device Management (MDM) system is one of the options and a form of security software. Administrators can govern mobile devices as simply as desktop machines with MDM software. Businesses like to remotely monitor and control the health of smart devices to prevent data breaches. To improve mobile device security, organizations develop and adopt mobile device management systems. This sort of software also handles situations in which the devices is misplaced or abused. Authentication rules and device settings are offered to limit access to business data. It is also used to remove functions if required. Because users do not trade with freedom, MDM makes no distinction between personal devices and business divisions, and it serves as a common area for BYOD. This might be interpreted negatively by users (Wang et al., 2014). Additionally, desktop and application virtualization technologies are utilized to protect employees from getting unauthorized access to corporate networks. Using this service, users may gain remote access to company networks and data. However, because the user area and corporate systems are separate, some security rules must be developed to prevent unauthorized data transmission. 1.3

Advantages of BYOD for organizations

Organizations embrace BYOD because it offers several advantages, including decreased corporate expenditures and increased user productivity. Companies have typically provided and managed gadgets for their employees, although BYOD is less expensive. Organizations save money by not having to buy, maintain, or operate company-owned mobile devices. They are only responsible for setting up the connection between personal devices and the corporate network. Increased flexibility, productivity, mobility, and employee satisfaction are just a few of the benefits of BYOD for businesses. 3

1.4

Disadvantages of BYOD for organizations

Businesses may find it advantageous to enable employees to use mobile devices in order to keep staff content with today's living circumstances, but they also risk company data being compromised. Dealing with diverse sorts of devices is another difficulty with BYOD. Because complaints differ depending on the device, corporate helpdesks or other departments may have trouble resolving specific issues. Security: If sensitive data is not protected, mobile devices linked to company networks greatly increase the chance of it being hacked (Morrow, 2012; Thomson, 2012). Mobile hot spots can be dangerous since data is sent across an unsecured network. Because of unprotected Wi-Fi, a less protective anti-virus system, the potential to jailbreak, and user ignorance, mobile devices are becoming increasingly enticing to hackers. Mobile device attacks that employ vulnerabilities to take control of the entire system or damage a portion of the device can have an impact on the operating system and apps (Madzima et al., 2001). Malicious programming that opens back doors for attackers is also a source of data loss. Employees should feel accountable for having company data on their devices due to the risk of data loss caused by inattentive workers (Morrow, 2012; Lennon, 2012). In order to avoid security breaches, they must learn the standards for secure mobile device use etc. They should also be aware of the danger of phishing attacks, which trick users and steal sensitive information. Another issue that must be addressed is employees accessing critical company data from their smartphones without any security procedures. It is impossible to prevent anyone from erasing sensitive system data on purpose. Employees might be discouraged from participating in illicit activities by using security equipment with stringent limitations (Madzima et al., 2014). Applications and data stored on mobile platforms must be protected against any threat to corporate data integrity, availability, and confidentiality. To maintain their security, policies on who can access them and from where must be set. When dealing with the drawbacks of BYOD, firms should implement security processes to protect corporate data from external and internal threats (Miller, Voas & Hurlburt, 2012).

4

SUMMARY By far the most crucial area for an adequate and productive workplace is the management sector's ability to address workers' personal devices. The management team must guarantee that no corporate information is leaked from personal devices, whether lost, stolen, or otherwise. Furthermore, management must have an efficient tracking mechanism for the activities that occur on personal devices since the business requires these gadgets to boost employee productivity rather than provide a distraction. The organization component executes managerial knowledge, leads the company's goals, and guarantees that it is an effective means of attaining those goals. The organization must adopt BYOD in the company in accordance with management's rules. Furthermore, they primarily develop effective security and use new IT systems that enable businesses to track disrupted business activity. This brings us to the technological components of sustaining BYOD. Technology puts all of this into action by supplying suitable software that must be compatible with the various operating systems of the devices being utilized. Finally, they must provide a robust technical support staff to track down and resolve any spilled data, infections, or lost or stolen equipment. Intel was the first corporation to incorporate the BYOD trend, ensuring that all mobile devices were covered by establishing an enterprise solution. However, problems began to occur, resulting in a lack of confidence between employees and management, as the management had access to their personal data. Furthermore, Intel established rigorous standards for managers regarding what information may be viewed from workers' personal devices. SAP, a prominent technology business, successfully integrated BYOD by efficiently handling sensitive areas such as preserving its employees' privacy, concealing sensitive/leaked data, and attracting younger workers who are constantly on their gadgets/ devices (Laudon, pg.207). Blackstone, an investing and advisory firm, exclusively permitted its staff to use Apple devices since they were the simplest to maintain and meet its employees' demands. (Laudon pg.207). Finally, the cyber security firm Venafi permitted its employees to bring their own gadgets to work. Venafi, on the other hand, did not address any hardware issues with the devices. Venafi, like any other corporation, made certain that each device was securely linked to the corporate network. (Laudon pg.207). There are several administrative, organizational, and technological elements that require great awareness and protection in order to deploy BYOD throughout an enterprise. In my opinion, the corporation is attempting to save money by covering IT expenditures, but this is creating additional work for management and the organization. According to the article, "While BYOD might boost employee work satisfaction and efficiency, it can also bring various challenges if not managed appropriately." Laudon (p.206). As a result, it's not worth attempting to save money while also causing a headache for the organization.

5

Furthermore, when every employee takes his or her own device to work, the expense of monitoring mobile devices rises, and securing company data and networks becomes more challenging. In addition, IT teams lose practically complete control over the hardware. They have no influence over which applications or programs are installed, how devices are protected, or which files are downloaded. (Page 206 of Laudon). Furthermore, if this is not handled, workers may waste corporate time and money on personal matters. The inability to control the hardware increases the company's susceptibility. "The main tradeoff with BYOD is that it gives employees more independence while possibly exposing the organization to risk." (Page 206 of Laudon) Overall, BYOD increases work issues and vulnerability inside a company while attempting to save money; consequently, firms should not permit the use of cellphones at work.

6

CONCLUSION Employees and organizations are looking for innovative business process solutions to improve human interactions while also enhancing productivity and effectiveness. Corporate support encourages employees to share their expertise, which aids in the achievement of organizational objectives. Allowing workers to use their own devices in the office for both business and personal purposes is a wonderful idea, but it is difficult to put into practice for both firms and employees due to the negative factors to consider. BYOD policies can only be effective if they are implemented properly, using compatible devices. Corporations across the globe have found what works for them through trial and error. Some corporations even hire a third-party company to implement their own BYOD policies. To conclude, BYOD can be used effectively in the workplace, but companies must understand the various risks to security and ensure strong infrastructure is kept in place in case important information is compromised. Bring your own device policies are infiltrating the world’s business sector faster than ever before. It will not be long until 90% of companies allow, or maybe even require, the use of personal devices in the workplace. Through trial and error, BYOD policies have their pros and cons, but through trial and error, they can become profitable strategies for any company. With technology advancing at such a rapid pace, it is only natural that BYOD policies will evolve as well. Only time will tell how far BYOD policies will take companies in the future, but one thing is for sure: BYOD policies are here to stay. From my experience, from March 2019 until now, I have still worked from home and used companyowned devices. It is because our company's nature is to provide services for advanced product development using computer-aided design (CAD) and computer-aided engineering (CAE) and engineering and other engineering analysis and design optimization activities that require specific devices and specific software to complete the job or task. Not everyone has the most up-to-date technology on their own gadgets and even if they do, it will not support the system since the company has to install another software on their devices, and it costs a lot of money. Last but not least, I disagree that allowing employees to use their own devices would result in considerable cost savings for the organization. When workers bring their own devices, there are no upfront expenses, but there are numerous additional issues and, over time, charges that may become quite expensive with BYOD in place. IT staff must put in more time and effort in the office or at home, and many major corporations must deal with many expenses and responsibilities, which raises costs. Employees' usage of personal devices will make it simpler for viruses, breaches, and hackers to gain access to sensitive information.

7

REFERENCE Waterfill, M. R., & Dilworth, C. A. (2014). BYOD: Where the employee and the enterprise intersect. Employee Relations Law Journal, 40(2), 26–36. Madzima, K., Moyo, M., & Abdullah, H. (2014, August). Is bring your own device an institutional information security risk for small-scale business organizations? In Proceedings of the Information Security. Jaramillo, D., Katz, N., Bodin, B., Tworek, W., Smart, R., & Cook, T. (2013). Cooperative solutions for bring your own device (BYOD). IBM Journal of Research and Development, 57(6): 5 Wang, Y., Wei, J., & Vangury, K. (2014, January). Bring your own device security issues and challenges. In Proceedings of the 11th Consumer Communications and Networking Conference (CCNC) (pp. 80–85). IEEE. Morrow, 2012; Thomson, 2012_ Bring Your Own Device Philosophy from The User's Perspective: An Empirical Investigation Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy considerations. IT Professional, 14(5), 53–55. Laudon, K. C., & Laudon, J. P. (2020). Management information systems: Managing the digital firm. Harlow, United Kingdom: Pearson Education.

8...