What is BYOD?
Bring your own device (BYOD), also called bring your own expertise (BYOE), bring your own mobile (BYOM), and bring your own laptop (BYOL), refers to the practice of permitting workers to bring personally owned mobile devices (laptops, tablets, and smartphones) to their workplace and to use those devices to access privileged company information and applications.
With a BYOD policy, you can connect to the network via:
- Mobile Phones
Advantages in BYOD Usage Policy for Regal University
- Improve the effectiveness of Teaching and Learning
- Improve the Effectiveness and
- Enhancement of Technologies
- Improve the Family Engagement
- Personalized instructions
- Cost saving within university
Disadvantages in BYOD Usage Policy for Regal University
- Not balancing the Accessibility and Security in BYOD.
- Student and staff-owned devices may lack the necessary protections and features to keep information safe
- Increases the risk of compromising system security
- The university may see an increase in the number of users sharing internet bandwidth and locations.
- Lost and Stolen Devices. Approximately 22% of the total number of mobile devices produced will be lost or stolen during their lifetime, and over 50% of these will never be recovered.
- Malware Download. Free software from unknown websites may contain customized malware that can go undetected by even the best antivirus products. It is better to use the original software.
- Insecure Public Network. Use of an insecure public network such as free Wi-Fi may help hackers steal your data. It is better not to connect a laptop that contains secret company data.
- Unknown App Download. Millions of suspicious mobile apps request unnecessary access permissions and misuse them.
Identification of Access Control For Regal University
For Regal University, a strong argument can be made that the whole field of cyber security rests almost entirely on:
- identity authentication
- access control.
Without those two functions, virtually no other security technique matters. Every other component of security depends on the system identifying the user and authorizing their permissions to various objects.
Access control measures in cyber security for Regal University span the digital and the physical dimensions. It is as crucial to protect a server room door with a security device as it is to secure the server itself with a PIN or secret code.
- Directly Affected
- University management
- University IT division
- All other employees
- Indirectly Affected
For stakeholders, the main and most important step is spreading cyber security education and security awareness among the employees. Most people are careless about security and do not know the basics of it.
- Maintaining and Storing Data
- As the organization’s data is stored on the personal devices of the employees, there is a risk of data loss. As an example, storage cards used in mobile devices are not encrypted most of the time and data can be easily stolen by simply obtaining the SD card.
- This problem can be solved by accessing corporate networks through the virtual private networks that are available in corporate editions.
Sri Lankan Cyber Security Act Identified by CERT-CC by Following Methods
Critical Infrastructure Protection
- Legislative framework
- Research and Development
- Human Resource and capacity building
- Awareness and education
- Public-Private, Local-International partnership
- Information sharing
- Privacy, free flow and freedom of online information
- Cyber security Technology Framework (CTF)
- Avoiding access to the confidential information of the company by third parties or employees for non-company purposes. Intellectual property claim.
- All devices that access the company network should be registered with the company.
- All devices that access the company network are required to contain specified software.
- Downloading or uploading any confidential document to a personal device is prohibited.
- Using public networks or hotspots is prohibited.
- Limitations on the use of BYOD devices.
- Using the company network or internet connection to download or view videos and music or to access social media is prohibited.
- Using personal devices for playing games and entertainment purposes within working hours is prohibited.
- Using the devices while driving is prohibited.
- Labor and employment laws: Fair Labor Standards Act (FLSA) compliance.
- When an hourly employee continues to work after his working hours, he is entitled to be paid for overtime.
- Telecommunications Act (Interception and Access).
- Employers must ensure that any ability to record communications from a device under the BYOD concept is clearly disclosed to employees.
Capital Expenditures vs. Operating Expenses
Capital expenditures are the expenses that the institution makes to acquire major physical assets or facilities that will be used for more than a single year. Operating expenses represent the other day-to-day expenditures necessary to keep the university running. By using the BYOD method, Regal University can save capital expenditures for another few years with no harm. Because of that, Regal University can increase its procurement budget for other valuable purposes, such as: 1. Training programs; 2. Fundraising programs, etc.
Sometimes an organization's employees are unwilling to follow the suggested security policies, thereby increasing the security and legal risks. In such cases, the organization fails to implement its own security controls, thus providing a loophole to intruders.
To avoid these problems, the company can implement system configuration according to its needs, encrypt data or perform investigations on the device, monitor data usage to detect misuse or hacking, and perform other system security related tasks without any problem.
BYOD and End user Privacy
Users' personal devices contain private content, and since the organization uses the same device as well, it has every right to monitor the activities related to the device. If any data is needed to detect a security breach, the private or personal information on the device is also captured.
As a solution, organizations should make their end users aware of the privacy trade-offs and the reasonable expectations of privacy related to their use of a personal device for work. If monitoring or an investigation is necessary, make sure to minimize the potential exposure of personal and private information.
Breach response, notification and investigation.
- All details will be recorded in the log file. Normal security breach prevention plans focus on the data that travels on the network and is attacked directly by the attacker. Once a violation occurs, the organization will perform the notification procedure and a risk assessment to identify the possible loss of data. In addition, any data taken from the device during the investigation will violate the privacy of the owner.
- To avoid this issue, the organization should develop proper BYOD strategies and communicate them to employees in order to overcome the aforesaid issues in incident response and investigation.
Remote Wiping and Blocking
- When working with their personal devices, users might sometimes be restricted from using certain programs or applications for their personal use. Also, in order to block certain content, they must load certain software onto their personal device. Wiping content is sometimes also a major problem, where the organization wants to wipe certain data from an employee's personal device.
- Users must be made aware of the consequences of blocking and wiping data caused by the software installed on their own devices, and such conditions must be specified in the personal device use policy.
Secure destruction of corporate data
- Sometimes a requirement to destroy data can arise when either the university wants an updated, configured device or the users want to upgrade their personal device. An unscrupulous user can harm the organization by passing on sensitive data to the public.
- One of the solutions is to remotely reset an employee's device by using Mobile Device Management tools.
To Avoid Legal Issues
The following policies can be included in the Regal University BYOD policy:
- Securing mobile devices
- Encryption and user passwords
- Data categorization
- Antivirus software
- Wireless accessing
- Security breach incident and its response
- Remote working
- Privacy preserving
Staff members and students may not be aware of which apps and software are not permitted on their devices, and may also use other people's devices without their permission. Solution: do not access files without the permission of the owner. Everyone has the right to life, liberty and security of person.
The enterprise is increasingly at risk of data loss through employees losing devices, compromising cyber security, etc. To avoid this issue:
- All employees and students should follow safe password protocols
- Best practices include requiring users to change passwords every three months and prohibiting reuse of previous passwords
- Use two-factor authentication for mobile network access
There is a loss of control over and visibility of the enterprise data that is being transmitted, stored, and processed on a personal device. We can decrease the risk:
- By using device integrity scanning solutions
- By virtual container approaches
- Clarifying all data by every stakeholder daily
Staff and students could be rude or use bad language while using e-mail, chatting, blogging and social networking. Bad behavior will leave a black mark on Regal University. We can avoid these types of situations by having a process for existing staff and students and updating every user about the legal situation of the BYOD policy.
Not using the Internet ethically. Following ethical principles, the best solution is to report any illegal communication and activities found to Internet service providers and local law enforcement authorities.
To Avoid Ethical Issues
The following policies can be included in the Regal University BYOD policy:
- Not attempting to break the security of any computer network or user.
- Not posting commercial messages to school groups without prior permission.
- Not attempting to send junk e-mail or spam to anyone who doesn’t want to receive it.
- Employees are working with their own familiar devices, therefore less training is required.
- Innovation and better workplace collaboration.
- Increasing productivity.
- Employee satisfaction goes up.
- Technology reliability cannot be guaranteed. Even complex systems are sometimes not free from bugs, and it is also impossible to guarantee that a system is free from security vulnerabilities. Since the systems and network are shared by different people, system-wide security validation is impossible.
- Technical security compromises made for usability reasons. Security procedures slow down system operation and may alienate users. Weaker security procedures, such as login/password authentication and unencrypted information, could bring harm within the BYOD system.
- Failure of organizational procedures or poorly designed procedures. University management should help users construct strong, easy-to-remember passwords and require regular password changes as procedures to improve security.
- Employees using social media to harass or bully others. This is a huge social issue, and since the university is connected to the employees through BYOD, this could harm the university's reputation.
- Human carelessness. Employees will inevitably be careless, making mistakes such as leaving systems unattended while they are logged on or using authentication in public places where they can be observed, causing issues like data leakage. Some technical controls against carelessness could be useful in this matter.
- Insider attacks. Insiders in an organization are aware of the technical safeguards built into the system and may know how to circumvent them, especially if they have privileged system access.
- Social engineering. Social engineering is the technique of acquiring sensitive or confidential data through psychological manipulation. Social engineering techniques in a BYOD environment include phishing, baiting, virus hoaxes, malicious links and unauthorized mobile apps. To prevent these social engineering attacks: set end-user spam filters to high, secure devices, reject any requests for help or offers of help, and delete any request for personal information or passwords.
When creating the Regal University BYOD policy, we should consider:
- Focusing on mobile moments
- Have a process for exiting employees
- Require mobile device management policies for all devices
- Set password guidelines
- Use two-factor authentication for mobile network access
- Use endpoint protection
To Avoid Socio-Technical Issues Professional Dimension
- Threat to integrity, confidentiality and availability – Introducing a BYOD culture to the university would bring confidentiality, integrity and availability concerns when a device is lost or stolen. Corporate data could be disclosed to unauthorized people, and this might cause integrity issues for the employees and the university as well. Non-availability of the device in the employee's possession would cause an availability issue, as the employee is not able to perform critical functions when required.
- The relationship between the IT and BYOD departments is also subject to change as more employees use their own devices at work. IT managers should closely monitor employees and the devices they take to work to ensure that the company is protected and that the employee does not violate any compliance issues.
- A lost device can also mean loss of information, whether in the form of notes and memos or presentations, worksheets and other valuable documents. If the BYOD system is not properly secured, this issue could affect the professionalism of university staff.
- Insider trading – Some professional workers act as insider traders in companies and divulge important information to a competitor company for personal monetary benefit. If there are insider traders within the Regal University staff, there is a threat of them stealing confidential university data and selling it to competitors.
The Points to Consider in Order to Avoid Professional Issues
- Which type of corporate data can be processed on personal devices
- How to encrypt and secure access to the corporate data
- How the corporate data should be stored on the personal devices
- How and when the corporate data should be deleted from the personal devices
- How the data should be transferred from the personal device to the company servers
- Ensuring that work data will not be merged with an employee’s personal data
- Many of these issues arise because of the main characteristic of BYOD that the employee owns and to some extent maintains and supports the device. As a result, the company will have much less control over the device in comparison to a device owned by the company.
BYOD has proved to be a successful technology nowadays. Rather than sitting in front of an out-of-date corporate PC and waiting two hours for IT professionals to install software, employees can use their own devices to do their work, which improves employee satisfaction as well. For an island-wide organization like Regal University, it would be much easier for users to contact other branches, and the university can reduce infrastructure costs and increase the flexibility of its users with the help of the suggested BYOD model.
The main drawback of the suggested BYOD model is security. But by preparing effective security policies and using device management software, this issue can be avoided. By developing a BYOD policy that not only protects sensitive data but also takes care of employee rights, Regal University will be able to gain many benefits.