Bring Your Own Disclosure: Analysing BYOD Threats to Corporate Information

Mobile device consumerisation has introduced the Bring-Your-Own-Device (BYOD) trend to the organisational context, allowing employees to work using their personal devices. However, as personal mobile devices are perceived as less secure than those provided by the organisation, BYOD has risen security concerns about corporate information being accessed by mobile devices from inside and outside the corporate perimeter. Moreover, this uncontrolled mobile device activity makes it difficult to differentiate external (outsider) malicious activity from reckless/naive employee (insider) behaviour, preventing effective correlation of unauthorised actions with the perpetrators. In this paper, a STRIDE-based BYOD Threat Model is proposed to analyse BYOD Threat Interactions from inside and outside the corporate perimeter. Our research contributes to a better understanding and awareness about the influence of BYOD Threats on disclosure and contamination of corporate information, encouraging future work in the field of BYOD security and digital forensics in order to protect information and manage an increasing number of evidence sources.