Information Technology Risks Associated With Employee Non-Compliance With The Organizational “Bring-Your-Own-Device” Policy
Main Article Content
Bring Your Own Device (BYOD) practices which allow employees to use their personal mobile devices for work purposes from anywhere and at any time, are fraught with cyber security risks and small and medium enterprises (SMEs) are most at risk due to the lack of resources and knowledge on how to mitigate these security risks and threats. This study aimed to determine if the sampled SMEs in South Africa have a BYOD policy, their level of awareness of the security risks associated with not having a BYOD policy, and non-compliance with a BYOD policy, where such policy existed. An on-line study was conducted using two separate questionnaires to survey 27 SME owner-managers and 94 of their employees, who were selected through stratified random sampling.
It was ascertained that a high level of awareness of security risks and threats existed amongst the sampled SME management and employees. No identifiable relationship could be found between the level of security risk awareness and BYOD policy non-compliance behaviour exhibited by management and the employees.
The vast majority of the management representatives indicated that they did not have a BYOD policy. The absence of such a policy or effective implementation thereof where such existed, leaves organizations open to IT security risks and threats that could highly impact the organization's future. Further research is recommended to establish why organizations which are fully aware of BYOD security risks and threats, delay implementation of the BYOD policy.