BYOD Policy Compliance: Risks and Strategies in Organizations

Abstract

ABSTRACT The proliferation of mobile devices has brought the Bring Your Own Device (BYOD) trend in organizations, along with significant challenges when employees fail to comply with security policies. Previous reviews in this research area had focused solely on the technical issues surrounding BYOD implementation while leaving out the human behavior in complying with security policies which is a major contributing factor to security vulnerabilities. In this paper, we systematically review the literature to gather evidences related to security risks, challenges posed by employees’ security policy noncompliance behavior and mitigation strategies to address them. The risks are mapped according to the People, Process and Technology (PPT) Model. The review reports that security policy compliance in a BYOD environment remains scarce which makes this review a novel contribution to research on human security behavior in Information System (IS). In addition, open research problems and future research directions are presented in the paper.