An exploration of how BYOD (Bring Your Own Device) user behavior impacts on an organization’s information security: A case study of Madison Insurance Company Kenya Limited

Abstract

This research explores how BYOD (Bring Your Own Device) user behavior impacts on an organization’s information security, a case study of Madison Insurance Company Kenya Limited (MICK). An empirical survey, using two (2) different sets of self administered questionnaires was conducted to achieve this purpose; the random sample questionnaire (hand-delivered) and the expert sample questionnaire (through email). Every MICK branch approximately has four (4) units, making a total of eighty-four (84) units. The researcher randomly singled out four (4) employees per a branch to create a total of eighty-four (84) respondents who gave their feedback through questionnaires. The rationale behind this choice was to have representation from each and every MICK branch. The expert sample respondents were specific because the survey inquiry required those with specialized knowledge to give their opinions. As such, the sample identified for this purpose comprised entirely of the ICT department staff. The results of this research revealed that majority of the BYOD users do actually engage in certain behaviors that put informational assets in portable devices (BYODs) at risk. However, the level of risky behavior was not found to be as high as anticipated. More so, a commendable degree of user knowledge on information security existed and consequently the threats/vulnerabilities posed to the company were found to be considerably low. It was however inferred that a high likelihood of an influx of user owned devices into the work place was greatly probable hence a foreseeable growth in data and information security threats. This research’s results thus enable MICK to better understand the dynamics of user behavior and hence aid in facilitation and implementation of BYOD policies that factor-in these behaviors and consequently foster a safer and more secure BYOD ICT environment. The adoption of a befitting BYOD model for the company was thus recommended since the environment at MICK was deemed ripe for such. In order to achieve this, the optimized hybrid conceptual framework for BYOD adoption in particular was developed as a model befittingthe MICK BYOD scenario. The attractiveness of this model and its agreeability with the study findings was its flexibility and the fact that it took into consideration the underlying organizational infrastructure. Therefore, its implementation will have positive implications on the MICK’s BYOD policy formulation moving forward.