Cybersecurity Strategies for Universities With Bring Your Own Device Programs
The bring your own device (BYOD) phenomenon has proliferated, making its way into different business and educational sectors and enabling multiple vectors of attack and vulnerability to protected data. The purpose of this multiple-case study was to explore the strategies information technology (IT) security professionals working in a university setting use to secure an environment to support BYOD in a university system. The study population was comprised of IT security professionals from the University of California campuses currently managing a network environment for at least 2 years where BYOD has been implemented. Protection motivation theory was the study's conceptual framework. The data collection process included interviews with 10 IT security professionals and the gathering of publicly-accessible documents retrieved from the Internet (n = 59). Data collected from the interviews and member checking were triangulated with the publicly-accessible documents to identify major themes. Thematic analysis with the aid of NVivo 12 Plus was used to identify 4 themes: the ubiquity of BYOD in higher education, accessibility strategies for mobile devices, the effectiveness of BYOD strategies that minimize risk, and IT security professionals' tasks include identifying and implementing network security strategies. The study's implications for positive social change include increasing the number of users informed about cybersecurity and comfortable with defending their networks against foreign and domestic threats to information security and privacy. These changes may mitigate and reduce the spread of malware and viruses and improve overall cybersecurity in BYOD-enabled organizations.