Investigating the effects of bring your own device on information security within Treasury.

Abstract

Treasury, is a government department within the KwaZulu- Natal provincial government. Information is a strategic resource that organisation derive among other competitive advantage and advance their position regardless of its medium. Organisations must endeavour to protect information from security threats and risks. Bring your own device (BYOD) refers to a strategy where employees are allowed to use their private mobile devices for work purposes. This study aims to investigate the effects of the BYOD phenomenon on information security within Treasury. The research problem was centred on the threats posed by the BYOD on the security of information within Treasury. The study adopted a positivist research paradigm and followed quantitative research methods. Data were collected using a questionnaire which was self-administered by the researcher to all participants, the population was the entire staff in Treasury, and the sample size was 167 staff members. The key findings were that, the majority of the participants often use their private mobile devices for work purposes at work as well as outside work premises. Interestingly, the smartphone was the most used device among participants. Participants not only used but stored work information on their private mobile devices which are exposed to a number of security threats through downloading of games and apps. Majority of the participants were not aware of the policy regarding the use of private mobile devices for work purposes and were not aware of the procedure to safeguard work information on the private mobile device. Participants pointed out a number of benefits since using their own device for work purposes such as an increase in their productivity, the ease of meeting deadlines as well as convenience. Given the findings of this study, it is recommended that an organisational culture of information security be developed and inculcated among users, clear BYOD strategy inclusive of the policy, detailing information that can be accessed using the BYO device, the type of device as well as requisite security features for the private mobile device. Training and raising awareness among users on threats and risks posed by the BYOD strategy, as well as their individual roles and responsibilities towards security of information was among recommendations.