Enhancing Bring Your Own Device Security in Education

Abstract

Background: The acceptance and use of personal devices at educational institutions is on the rise, resulting in the education sector's adoption of Bring Your Own Device (BYOD). The institutions benefit from cost reduction in buying and managing IT devices as users purchase and bring their own devices. Users benefit by accessing learning materials and collaboration anytime, anywhere while on the move via institutional network. However, literature on BYOD indicates that various challenges are faced with usage of BYOD such as loss/stolen devices, malware, lack of policy, user negligence among others. This paper examined the literature in order to identify BYOD challenges, solutions, and guidelines that would inform secure BYOD usage in education. Methods: Beginning with a search of selected databases, a systematic review of the literature was conducted. The database and back search generated 1594 items, 14 of which were deemed eligible for inclusion. The People Policy Technology (PPT) approach was used in identifying challenges from literature through grouping them under the Technology challenges, People challenges and Policy challenges. The BYOD security framework was utilized to develop a mitigation strategy. Results: Various risks and threats were identified under the People, policy and technology themes. They include lost/stolen device, lack of policy, inadequate controls, connecting via unsecure networks, malware such as virus, data leakage. The BYOD security framework was followed to give systematic guidelines and controls in overcoming the challenges. The guidelines included BYOD policy development and implementation with in the institution, device enrolment and management using the MDM, scanning for malware, software updates, and regular backups among others. Conclusion: BYOD phenomenon is on the raise and here to stay. It has various benefits but these can be shadowed by threat identified in this review. Before implementing BYOD, educational institutions should ensure that an acceptable BYOD policy is in place to instruct users on how to behave while using BYOD. Users should be trained sufficiently on how to secure their devices and data while using BYOD. Technological solutions such as MDM, antivirus software and NAC should be deployed to manage both devices and data in the BYOD environment. However, these solutions should be used in a balanced manner that does not hinder usability.