Implementing BYOD In Aztec Corp Financial Services: Risks, Benefits (essay).

Benefits of BYOD in Financial Services

The continuous advancement in technology has increased its widened use in the business sector. It is because most of the business operation and transactions are based on a technology platform. It is becoming mandatory that every business is adopting the modern technology in its operations. The financial sector has been widely affected, and firms operating in that area have embraced the use of informatics. Advancement of information and communication technology has made the operations of organizations easy and fast.

Due to competition, anxiety, and zeal of organizations to achieve their goals new projects are being proposed and implemented every day after an adequate research. Aztek Corporation group is a company operating in the financial services sector in Australia. The organization is amongst the leading companies in the financial services industry. However, the company is facing a lot of competition. To outdo the competitors, the company has opted to implement a project of allowing the employees use their own devices at working place. The project is chosen to bring some savings to the organization since it will save on cost. The project is associated with several information technology risks.

This report, therefore, introduces the project of allowing employees use their own devices in the workplace. Amongst the discussed devices will be mobile phones, tablets, and laptops. All areas affecting the project will be considered accordingly showing the business the trend it should adopt to enjoy unlimited benefits. A review of the project will be done respectively in the financial sector service. The relevant government, industry regulation, compliance and all established best practices will be highlighted. The project will be reviewed based on the current security posture of Aztek Company. It will be expressed by the present maturity against information technology security policies and procedure. The risk assessment of threats, consequences, and vulnerabilities adopted form computer control framework are also reviewed. The existing industry risk recommendations for the project are addressed.

Data security is also discussed while insisting on the goals of Aztek Corporation. Data security is very crucial to the project since we are all aware of the threat which can be met when employees are allowed to bring their own devices to the workplace and execute their duties using the devices. It is because data security is concerned with the flow of the data and the individual who will have access to the data. All the aspects concerning the projects are discussed to ensure that it runs efficiently and keeps Aztek Corporation operating amongst the top companies in Australian Financial sector and possibly place the company at the top place. The project aims at ensuring that the Aztek Corporation improves in its areas of weaknesses and competes effectively in the competitive business world.

Risks of BYOD Implementation

The Australian governance such as the freedom of information act 1982, Privacy act 1988 and Archives Act 1983 should be checked keenly before the implementation of the project (Miller, Voas & Hurlburt, 2012). The Aztek Company should also comply with the Australian financial conduct authority which is concerned with the protection of critical financial information. The project of allowing employees bring their own devices to the workplace and apply them to perform their duties does not face a lot of criticism from the government  (Ghosh, Gajar & Rai, 2013). However, the Australian government has highlighted some laws which govern the companies allowing their members of staff to bring their own devices to the workplace. The constitution has highlighted that it is the wish of the business enterprises to allow their employees to use their own devices in their place of work. Some of the methods mentioned are cell phones, tablets, and laptops. The government has also highlighted that the organizations should outline the rules which should govern usage of their own devices in their workplace. The rules should not go against the freedoms and rights of citizens (Harris, Ives & Junglas, 2012). When an employee breaks the established rules, fines and punishment are applied accordingly concerning the companies.

1. Some of the most applied rules are:
2. Ensuring the company's information is not accessible by outside.
3. Keeping the flow of the data within the employees of the organization.
4. Not sharing the data with outsiders.

Many organizations do not support the idea of employees using their own devices in the workplace (Afreen, 2014). It is because of many cases of incompetence’s amongst employees. Cases have been reported of employees disclosing company's valuable information to the public. Competitors use the information to identify the strengths and weaknesses of the enterprise, and it may lead to business failure or poor performance.

The devices are critical and play a significant role towards the achievement of the companies' objectives. It leads to firms saving on cost since the funs directed to the purchase of the organization devices becomes limited. Due to the importance associated with the project the government has opted not to prohibit the system. As a result, the system of allowing employees use their devices in the workplace is still authorized, and any wishing organization can adopt the trend. It has been facilitated by the continuous growth of technology (Morrow, 2012). All the transactions of the business are currently based on technological devices. Without the application of the devices, the operations would be very tiresome, and many businesses would fail especially those operating online. When employees use their devices in working places, they are likely to perform better only that the project is associated with some serious information technology risks.

Government Regulations and Compliance

Aztek Corporation is one of the most established companies in the area of financial services venturing in Australia market. The segment is associated with a lot of risks. The company is highly concerned with ensuring confidentiality of its data. The company also intends to ensure the established goals are realistic by initializing projects supporting the objectives (Singh, 2012). The organization is also concerned on utilizing the available resources adequately to propel smooth running of the daily activities. Allowing employees use their devices in the implementation of their duties is amongst the proposed project which aims to save adversely on capital.

The financial services industry has also established certain regulations with governing the execution of functions of companies venturing into that industry. The regulations are by the established business laws by the government of Australia (Sangani, 2013). The Australian government fully supports and encourages business to adopt information technology in their operations, since IT is associated with saving on cost. Business operating in the Australian financial industry should all observe the established conditions when it comes to adopting and incorporating new projects. The production limits the organizations on ensuring that any endeavors do not have any adverse effect on other firms. However, creativity is highly appreciated in the market and businesses have the permission to adopt new trends based on creativity. The proposed project by the Aztek Corporation will not face any criticism from other organizations venturing the industry (Mansfield, 2012). It is recommended that the company implements the project keenly and highly minimize on the shortcomings.

The idea of allowing employees carry and use their devices in working place will have an adverse effect to the Aztek Corporation. The results are expected to be negative since the companies information is exposed to the threat of possible access by the public (Diester & Kleiner, 2013). It is because some employees may carry the company's information to their homes whereby there friends and relatives cab access it. Business information is usually very confidential and should not be displayed to the public.

Currently, the Aztek Corporation manages all its information technology (IT) applications and resources (Harris & Patten, 2014). The own maintenance of the organization information technology explains its security posture. The information concerning the company cannot be accessed unless one connects to the company network. Aztek Corporation network is managed by experts permanently employed by the organization (Watson, 2017). Employees deployed in remote areas are extensively authenticated, and access management mechanisms are used. The company is therefore in a position of monitoring, managing and changing the security framework based on its own will. The applied security posture in Aztek Corporation is associated with some risks, but the organization is assured of data security.

Security Posture of Aztec Corporation

Aztek decides to allow the employees bring their devices to their place of work. The suggested devices are mobile phones, tablets, and laptops (Erbes, Nehzhad & Graupner, 2012). The employees are to use the devices as the primary or sole tools in the performance of their duties. A recently conducted research stated that allowing employees use their devices in the place of work is likely to pose many threats to the organization's data. The risk is associated with the carelessness of employees and incompetency. The project is expected to have various benefits for the company, but the confidentiality of the organization's information becomes an area of concern.

The responsibility of security should be shared between the provider and the consumer. Exposing company's information such as the payroll information of employees or account details to the public becomes very dangerous. The company can risk closure and high fine by the government when some confidential information concerning the employees is portrayed to the public. Information is showing daily productions; daily sales should only be shared amongst people within an organization (Diaz, Chiaburu, Zimmerman & Boswell, 2012). Leaking the information to the public could even end up reaching the team competitors. Competitors could use the information to establish and analyze the strengths and opportunities enjoyed by the firm. Competitors then develop mechanisms to ensure that they outdo the organization in competition (Webster, 2014).

Financial services industry deals with sensitive information. When the information is exposed to the public, it may come to contact with the clients. The organization can become a victim since the customers can opt to sue the company (He, 2013). Disclosure of client's financial information to the public would lead to adverse effect. Since the company has decided to venture in the industry which can be faced by a lot of threats and vulnerabilities as far as information confidentiality is concerned the firm should adopt mechanisms to curb the challenge.

The employees should be informed on how they should handle the data to ensure confidentiality (White, 2012). The employees should be advised by any chance at any time they should not disclose data to the public. Data should be shared only amongst the staff of the Aztek organization. The devices used should contain pins and password ensuring that they are not accessible to anybody. Allowing employees use their devices does not imply that they take company's data at their homes. After achieving the daily chores, the data should not be made to homes (Lazaroiu, 2015). It should be deleted, and any employee is taking data back the significant fines should be applied accordingly.

Industry Risk Recommendations for the BYOD Project

Globally, various organizations are permitting their employees to bring their laptops, tablets, and smartphones at their workplaces to complete their daily tasks. The employees access the company's data from their gadgets. The concept as adopted the name BYOD which is the initial for Bring Your Own Device in the information technology (IT) perspective. The incorporation of BYOD in the Aztek Corporation will be initiated by the IT department of the organization. The project will firstly require selection of viable software application for managing the devices brought by employees in their workplace. A connection to the network should be initiated, and possibly the link should be standard (Andriole, 2012). Rules and guidelines should be established which should govern how the employees are going to use the devices in the workplace. The employees should sign a legal agreement designed by the company acknowledging the understanding of the terms and conditions of the policy.

According to research conducted recently, most IT professionals up to date have not established adequate policies to protect data on companies incorporating the BYOD concept (Dreher, 2014). When employees connect their own devices to the organizational network, the confidential data is faced with various risks. Financial information is susceptible, and it should not be exposed by any chance. The employee's devices may contain viruses which may interfere with the organization's gadgets leading to data loss. Important files can be interfered with posing a challenge to the operation of the firm.

Positive impacts

1. Employees would have hassle-free experience of using the same devices in their homes and workplace.
2. The access to information from their emails and organizational departments becomes active.
3. The project boosts morale and productivity of work.
4. The Aztek Company will save on cost when it comes to purchasing hardware infrastructure.
5. The BYOD concept is very flexible.

Negative impacts

1. The company information will be exposed to threats and vulnerabilities.
2. The organization will not be able to control the number of devices accessing their network.
3. The organization's gadgets will have the possibility of adopting virus.

The concept of BYOD is associated with various threats, vulnerabilities, and consequences as the shortcomings. The risks should be assessed and necessary mechanisms applied to curb them accordingly. The following are the threats vulnerabilities and consequences.

Majority of employees install their free requests for their personal use. When the devices are used for their official duties, it may cause unlimited third-party access to sensitive information. The threat does not significantly affect the Aztek Corporation. It is rated as low since the company has employed a powerful mechanism of curbing it. The risk is mitigated by blacklisting the at-risk software and managing the BYOD policy by the Aztek Company.

Threat

Unregulated third-party access to sensitive information

Vulnerabilities

Failure to perform duties expectedly

Consequences

The project may not work expectedly

Many organizations have ensured the tight security of their data. It has been done through both cloud and mobile storage services. It is therefore complicated for such group’s data to be tracked. Aztek Corporation deals with sensitive data which is regularly exchanged with customers and trade exchanges. The analysis of this threat is rated to be medium since the company has not employed sufficient mechanisms to curb it. Aztek Corporation has ensured content security by applying content security tools which are equipped with various monitoring features to protect against data loss on mobile and network devices.

Threat

Data exposure to the public

Vulnerabilities

Wrong use of organization data

Consequences

Failure of the project which may lead to closure of Aztek Corporation

The adoption of data administration and isolation of supporting adequate compliance with IT guidelines of the Aztek Company will be very challenging due to the changes. However, the company has laid mechanism to curb the challenge. An outline of the policies and compliance documents with third-party devices is developed. The threat is stipulated to be affecting the Aztek Corporation at a low rate.

Threat

Inability to comply with the established regulations

Vulnerabilities

Breaking the existing and established rules and regulations

Consequences

Failure to achieve the intended objectives

The majority of smartphones and tablets used by employees lack passwords and secured Pins. When an employee loses the devices, it may result in data leakage and loss of valuable information. The leakage of the information would be hazardous to the organization. To curb this challenge Aztek Corporation has demanded the employees to ensure that their devices have secured Pins and password. The company has also urged the employees to report as soon as possible when their devices get lost. The threat is rated to be medium since some employees are not keen in following the established guidelines.

Threat

Data leakage

Vulnerability

Disclosure of organizations critical information to the public

Consequences

Loss of potential customers and staff leading to poor performance of the firm

Aztek Corporation deals with sensitive data which should not be disclosed to the public at any time (Kobus, Rietveld & Ommeren, 2013). The project adopted by the organization based on BYOD may expose data to unauthorized users if it is not implemented adequately. It is because when employees are using their own devices in their place of work, the data may be leaked to the public. To ensure data security, the established risks should be addressed accordingly. Firstly, the company should outline rules and regulations which will govern the implementation of the project. The company should take the initiative of managing the project (Weldon, 2016).

Since the company deals with financial data of clients, data security should be insisted. The data should only be available to the senior employees of the organization. It will include the director and the departmental managers. It is because this is the individuals who are responsible for the data to day running of the organization. The managers and the director should observe the guidelines and established rules as they handle the data.

The junior employees in the department should not have access to the mother database of the organization. They should only process unit data at particular intervals and submit it to their department managers once they accomplish their assigned task (Harkins, 2016). The departmental managers should view the data and ensure that it is entered correctly before submitting it to the director. The director should maintain the company's mother database and update it accordingly (Watson, 2013). The database of the departmental should bare high passed.

The strictness in data usage, access, and flow aims at insisting on information security. It is because some employees are very careless and once the mother database is exposed to them they may disclose it to the public. Ensuring that established guidelines are applied to all staff and data flows through the right channel, data security will be achieved therefore making the project a success (Gornall & Salisbury, 2012).

Aztek Corporation should define the rules and guidelines pertaining use of personal devices in the workplace.

The policy highlighting the standards and directives should be linked to an employment agreement.

The existing employees should sign the new employment agreement highlighting rules pertaining BYOD concept.

Members of the organization should be trained to make the project work.

The customers and all stakeholders should be informed on the adoption of the new trend.

Conclusion

Continuous growth and advancement of technology have increased widened adoption of technology in business. Different patterns are currently applied as opposed to those applied before. Aztek Corporation venturing in the Australian financial services industry has planned to allow employees bring their own devices to their workplace including mobile phones, tablets, and laptops. The idea is associated with several benefits although some information technology risks are emerging. The issue of data security is expected to become a grave concern throughout the implementation of the project. To mitigate the challenge, Aztek Corporation should define the rules and regulations which will govern the implementation of the project. The employees who will have access to the company's sensitive data should be outlined together with the flow of the data. Once the issue of data security is solved, the project will be implemented successfully, and the fruits will be realized shortly. 

References: 

Afreen, R. (2014). Bring your own device (BYOD) in higher education: opportunities and challenges. International Journal of Emerging Trends & Technology in Computer Science, 3(1), 233-236.

Andriole, S. J. (2012). Seven Indisputable Technology Trends That Will Define 2015. CAIS, 30, 4.

 Diaz, I., Chiaburu, D. S., Zimmerman, R. D., & Boswell, W. R. (2012). Communication technology: Pros and cons of constant connection to work. Journal of Vocational Behavior, 80(2), 500-508.

Disterer, G., & Kleiner, C. (2013). BYOD bring your own device. Procedia Technology, 9, 43-53.

Dreher, S. (2014). Social media and the world of work: A strategic approach to employees’ participation in social media. Corporate Communications: An International Journal, 19(4), 344-356.

Erbes, J., Nezhad, H. R. M., & Graupner, S. (2012). The future of enterprise IT in the cloud. Computer, 45(5), 66-72.

Ghosh, A., Gajar, P. K., & Rai, S. (2013). Bring your own device (BYOD): Security risks and mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70.

Gornall, L., & Salisbury, J. (2012). Compulsive working,‘hyperprofessionality’and the unseen pleasures of academic work. Higher Education Quarterly, 66(2), 135-154.

Harkins, M. W. (2016). Introduction. In Managing Risk and Information Security (pp. 1-16). Apress, Berkeley, CA.

Harris, J., Ives, B., & Junglas, I. (2012). IT Consumerization: When Gadgets Turn Into Enterprise IT Tools. MIS Quarterly Executive, 11(3).

Harris, M., & P. Patten, K. (2014). Mobile device security considerations for small-and medium-sized enterprise business mobility. Information Management & Computer Security, 22(1), 97-114

He, W. (2013). A survey of security risks of mobile social media through blog mining and an extensive literature search. Information Management & Computer Security, 21(5), 381-400.

Kobus, M. B., Rietveld, P., & Van Ommeren, J. N. (2013). Ownership versus on-campus use of mobile IT devices by university students. Computers & Education, 68, 29-41.

Lazaroiu, G. (2015). Employee Motivation and Job Performance. Linguistic and Philosophical Investigations, 14, 97.

Mansfield-Devine, S. (2012). Interview: BYOD and the enterprise network. Computer fraud & security, 2012(4), 14-17.

Martínez-Pérez, B., De La Torre-Díez, I., & López-Coronado, M. (2015). Privacy and security in mobile health apps: a review and recommendations. Journal of medical systems, 39(1), 181. (Martinez, Torre & Lopez, 2015)

Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy considerations. It Professional, 14(5), 53-55.

Morrow, B. (2012). BYOD security challenges: control and protect your most sensitive data. Network Security, 2012(12), 5-8.

Niehaves, B., Köffer, S., & Ortbach, K. (2012). IT consumerization–a theory and practice review.

Sangani, K. (2013). BYOD to the classroom [bring your own device]. Engineering & Technology, 8(3), 42-45.

Singh, N. (2012). BYOD genie is out of the bottle–“Devil or angel”. Journal of Business Management & Social Sciences Research, 1(3), 1-12.

Stieglitz, S., & Brockmann, T. (2012). Increasing organizational performance by transforming into a mobile enterprise. MIS Quarterly Executive, 11(4).

Thomson, G. (2012). BYOD: enabling the chaos. Network Security, 2012(2), 5-8. (Thomson, 2012)

Walters, R. (2013). Bringing IT out of the shadows. Network Security, 2013(4), 5-11. (Walters, 2013)

Watson, T. (2013). The Personnel Managers (Routledge Revivals): A Study in the Sociology of Work and Employment. Routledge.

Watson, T. (2017). Sociology, work and organisation. Taylor & Francis.

Webster, J. (2014). Shaping women's work: Gender, employment and information technology. Routledge.

Weldon, M. K. (2016). The future X network: a Bell Labs perspective. CRC press.

White, M. (2012). Digital workplaces: Vision and reality. Business information review, 29(4), 205-214.