Three-dimensional security framework for BYOD enabled banking institutions in Nigeria.

Abstract

Bring your own device (BYOD) has become a trend in the present day, giving employees the freedom to bring personal mobile devices to access corporate networks. In Nigeria, most banking institutions are increasingly allowing their employees the flexibility to utilize mobile devices for work-related activities. However, as they do so, the risk of corporate data being exposed to threats increases. Hence, the study considered developing a security framework for mitigating BYOD security challenges. The study was guided by organizational, socio-technical and mobility theories in developing a conceptual framework. The study was conducted in two phases, the threat identification and the framework evaluation, using a mixed-methods approach. The main research strategies used for the threat identification were a questionnaire and interviews while closed and open-ended questions were used for the framework evaluation. A sample consisted of 380 banking employees from four banks were involved in the study. In addition, the study conducted in-depth interviews with twelve management officials from the participating banks. As for the framework evaluation, the study sampled twelve respondents to assess the developed security framework for viability as far as mitigating security threats emanating from BYOD in the banking sector is concerned. The sample consisted of eight executive managers of the bank and four academic experts in information security. Quantitative data was analysed using SPSS version 21 while qualitative data was thematically analysed. Findings from the threat identification revealed that banking institutions must develop security systems that not only identify threats associated with technical, social and mobility domains but also provide adequate mitigation of the threats. For the framework evaluation, the findings revealed that the security framework is appropriate in mitigating BYOD security threats. Based on the findings of the study, the developed security framework will help banks in Nigeria to mitigate against BYOD security threats. Furthermore, this security framework will contribute towards the generation of new knowledge in the field of information security as far as BYODs are concerned. The study recommends ongoing training for banks’ employees as it relates to mitigation of security threats posed by mobile devices.