Bring Your Own Device (BYOD), the practice of employees bringing personally-owned devices to their workplace has transformed into a standard practice in recent years due to the high consumerization of smartphones and tablets (Louisnord, 2017). The market for BYOD is projected to reach $430.45 billion by 2025, up from $186 billion in 2019 (MarketWatch, 2021). There are numerous benefits of BYOD to individuals and enterprises, ranging from cost savings to increased productivity, adaptability, and efficiency of personnel (Wani et al., 2022). BYOD allows employees to access corporate data, controlled networks, applications, and records, as well as the Internet, using their own mobile devices. In this way, employees are privileged and empowered to choose the technology that best matches their specific needs (Mueller et al., 2016). BYOD enhances mobility, flexibility, productivity, and employee satisfaction by extending the opportunity to work whenever and wherever (Grover, 2019; Harris et al., 2012; Rivera et al., 2013).
The Malaysian public sector has embraced BYOD as part of the working culture over the last decade (Mat Akhir, 2017; Palanisamy et al., 2023). The extensive use of BYOD among government professionals is primarily due to the acceleration of digital services and the rapid advancement of disruptive technologies that can significantly transform the economic landscape of the country (MyDigital, 2021). The pandemic has also pushed the public sector for the digital government transformation, where all citizen-centric services are expected to continue seamlessly and provide effective services in a timely manner to the public (Eom & Lee, 2022; Shammugam, 2021).
The decision to adopt digital technology not only opened the door to new opportunities, but also to threats, risks, and vulnerabilities (Prime Minister’s Office, 2021) which is quickly superseding the security measures outlined by the organizations. In the public sector, BYOD practice is one of the major causes of data leakages as devices are at an increased risk of breaches. The ever-evolving BYOD trend has created new threats, vulnerabilities, and gaps
in organizations as detailed below:

BYOD SECURITY RISKS
a. Insider Threat
People or the employees in this context of research are the key components to consider when implementing cyber security measures as insider threat is more complicated. An insider is a current or former employee, contractor, or business partner who has or has had authorized access to an organization’s network, system, or data (Georgiadou et al., 2020; The CERT Insider Threat Team, 2013) and they have the required knowledge, authority, organization network structure, and security procedures to access all the organizational network information (Dosh, 2021). Studies showed that a discontented employee or business partner could become a serious internal threat to an organization. Some employees believe that these procedures can disrupt their work or cause the devices to slow down. There are employees who view certain countermeasures as intrusive to their privacy, hence they are hesitant to implement them (Bello et al., 2017). Many employees are too preoccupied with their work-related responsibilities to be concerned with security issues; hence, they do not perceive the value in implementing security protocols (Mani et al., 2014). This way of thinking poses difficulties for organizations to get their employees to change their habits to improve IT security.
b. Lack of policy
Organizations face challenges from the lack of governance of policies and procedures for securing personal devices (White & Lao, 2020). It can result in misinformation or uncertainty, resulting in non-compliance behaviour and organizations’ information assets are susceptible to compromise or theft. The absence of a policy can be attributed to insufficient management engagement and a lack of understanding regarding the significance of having an effective BYOD security strategy in place. This discrepancy could be dangerous for organizations. Approximately 75% of respondents stated that there was a lack of mandate from the organization advising employees on the necessity to perform fundamental technical measures such as applying passwords, locking displays, and updating security software and updates and software.
c. Device Management
Despite the resistance of some firms to adopt BYOD as part of their everyday operations, employees strongly prefer to utilize their own devices (Bello et al., 2017). On the other hand, some organizations permit work-related data to be stored on their employees’ personal devices, which could lead to vulnerable situations in which confidential data is compromised (Mani et al., 2014). As the devices are small and portable, they can be easily forgotten, misplaced, or stolen (Tu et al., 2015). Sometimes, employees are discouraged from reporting their lost or stolen equipment because it could severely impact the organizations’ reputation and financial standing (Mani et al., 2014). Lost and stolen mobile computing devices such as laptops and smartphones which contain organizational information can cause information leakage (Abdul Molok, 2013). Some of the devices carrying sensitive data are recycled or sold without ensuring that the data is permanently destroyed.
MITIGATION STRATEGIES
Experts advocate these controls to prevent BYOD cyber risks (Figure 1) and by integrating them into organizational security processes, BYOD security can be strengthened.
a. Training
Training plays an integral role in shaping employees’ behaviour about information sharing; being cognizant about the threats that come with BYOD (Palanisamy et al., 2020). The objective of having ongoing training programs is to create positive behavioural changes among employees and to increase their risk awareness. In this regard, organizations should ensure that employees stay vigilant about the risks of using any online platform to share any information.
b. Management
Committed management is necessary if an organization aims to fulfil the successful alignment of the organization’s mission and its security policy. Open and honest communication between top management and the lower staff can create a positive atmosphere and the right security culture within the organization. This is vital to build and sustain a secure IT environment.
c. Policy
Every organization must develop a BYOD security and privacy policy that protects organizational information as well as guide employee behaviour. Firstly, a policy should be specified clearly to avoid ambiguity and misinterpretations, especially for non-managerial staff. Secondly, the policy should be gradual because the sudden restriction on common behaviours in mobile devices can jeopardize the relationship between employers and employees.
d. Technical
Deploying the Mobile Device Management (MDM), asset management, building the right network platform with controls and strong passwords are critical to ensure a secure BYOD environment. Employees should connect their devices to trusted networks only as a measure to ensure data and network security. The use of encryptions can minimize the liability of compromised data. Additionally, surveillance and monitoring are also necessary for promoting security compliance behaviour.

Figure 1 Strategies to mitigate BYOD risks
BYOD is a phenomenon that is here to stay. As the technology continues to evolve making BYOD a working platform to reach customers and deliver service, the cybersecurity attack surface continues to increase, posing great challenges to organizations. Identification of risk and strategies is critical as employees play a vital role in preserving the information security of their organizations.
REFERENCES
Abdul Molok, N. N. (2013). Mitigating the risk of organisational information leakage through online social networking. The University of Melbourne.
Bello, A. G., Murray, D., & Armarego, J. (2017). A systematic approach to investigating how information security and privacy can be achieved in BYOD environments. Information and Computer Security, 25(4), 475–492.
Retrieved January 18, 2023, from the World Wide Web: https://doi.org/10.1108/ICS-03-2016-0025
Dosh, M. (2021). Detecting insider threat within institutions using CERT dataset and different ML techniques.
Periodicals of Engineering and Natural Sciences, 9(2), 873–884. Retrieved January 18, 2023, from the World Wide Web:https://doi.org/10.21533/pen.v9i2.1911
Eom, S.-J., & Lee, J. (2022). Digital government transformation in turbulent times: Responses, challenges, and future direction. Government Information Quarterly, 101690. Retrieved January 18, 2023, from the World Wide Web:https://doi.org/10.1016/j.giq.2022.101690
Georgiadou, A., Mouzakitis, S., Bounas, K., Askounis, D., & Georgiadou, A. (2020). A cyber-security culture framework for assessing organization readiness. Journal of Computer Information Systems, 1–11. Retrieved February 18, 2023, from the World Wide Web:https://doi.org/10.1080/08874417.2020.1845583
Grover, V. (2019). BYOD Trends in 2019: Its Influence in the Next Five Years. Retrieved February 18, 2023, from the World Wide Web:https://blog.scalefusion.com/top-8-trends-that-will-influence-byod-in-next-five-years/
Harris, J., Ives, L., & Junglas, I. (2012). IT consumerization: When gadgets turn into enterprise IT tools. MIS
Quarterly Executive, 11(3), 99–112.
Louisnord, N. V. E. (2017). BYOD is now standard practice, implementing it requires safe strategies. Innovation Enterprise. Retrieved February 18, 2023, from the World Wide Web:https://channels.theinnovationenterprise.com/articles/byod-is-now-standard-practice-implementing-it-requires-safe-strategies
Mani, D., Mubarak, S., & Choo, K. (2014). Understanding the Information Security Awareness Process in Real Estate Organisations Using the SECI Model. Twentieth Americas Conference on Information Systems, 1–11.
MarketWatch. (2021). Bring-your-own-Device (BYOD) Market Size, Share, Industry, Analysis, Price, Trends, Growth, Report and Forecast 2020-2025. Retrieved Mac 18, 2023, from the World Wide Web:https://www.marketwatch.com/press-release/bring-your-own-device-byod-market-size-share-industry-analysis-price-trends-growth-report-and-forecast-2020-2025-2021-04-12?tesla=y
Mat Akhir, H. (2017). Success model for BYOD implementation considering human and security perspectives in Malaysia Government environment.
Mueller, M., Klesel, M., Heger, O., & Bjoern Niehaves. (2016). Empirical Insights on Individual Innovation Behaviour: a Qualitative Study on It- Consumerization. PACIS Proceedings, 201.
MyDigital. (2021). Malaysia Digital Economy Blueprint. Economic Planning Unit Prime Minister’S Department, 104.
Palanisamy, R., Norman, A. A., & Kiah, M. L. M. (2020). Compliance with bring your own device security policies in organisations: A systematic literature review. Computers and Security, 98, 101998. Retrieved Mac 18, 2023, from the World Wide Web:https://doi.org/10.1016/j.cose.2020.101998

