The bring‐your‐own‐device unintended administrator: A perspective from Zimbabwe

Abstract As bring your own device (BYOD) becomes part of workplace tools for employees in Zimbabwe, the responsibility to implement information security management methods, which was traditionally confined to the information technology (IT) employees, has extended to all the employees, who now become unintended administrators because of the usage of their devices. The purpose of this paper is to show how banks can mitigate the information security risks caused by the unintended administrator using the BYOD information security behavioural (BISB) model. A literature review of the BYOD information security and organisational information security culture was conducted. A questionnaire was developed from the literature and sent to 270 bank employees in Zimbabwe. A total of 205 employees participated, and 179 completed the questionnaire. An expert review consisting of chief information officers (CIOs) at banks in Zimbabwe was conducted to evaluate the proposed model. From the literature review, individual traits of attitude, knowledge, and habit, as well as organisational traits of the environment, governance, and training, were identified as key traits that constituted the constructs of the BISB model. The overall theme of this paper is that banks can mitigate the BYOD information security challenges by using of the BISB model.