Introduction

The world has a growing problem with devices being brought into work that aren’t protected in any way. When people bring their devices, such as laptops or tablets, they put their workplace at risk if they don’t have any antivirus or antimalware on it. Bring Your Own Device policies can be quite helpful for some, but they can put a company in a situation if handled incorrectly. It can be helpful because it allows for people to have a way to access their work at all times rather than to only be able to work on what needs to be done at work, requiring themselves to stay at work longer than they would rather want to and always go home late. With BYOD, they can bring their laptop or tablet home so that they can work on their tasks at home and once they finish for the night they can bring their device back to work and continue from where they left off or start something new if they happen to finish it. Although BYOD is great for this reason, it’s not very great when it comes to people not having an antivirus on their devices. If an attacker were to get a user with their own device that’s not protected, it would give the attacker an easy way into the company’s systems and they’d be able to get whatever they wanted and possibly more.

            If a user has a device that’s not protected and falls for a phishing email or downloads a file or application that contains a virus, it’s a hazard for the company because if they bring the device to work and connected to the internet, the virus may spread itself through the network after completely infecting the computer’s files. If the user sends an infected file to another user, it can cause widespread damage and potentially put the company at risk for a data breach. If an attacker is able to commit a data breach, they can gain a lot of access to important user data and potentially hold it for ransom which could cost the company the user works for a lot of money and possibly sink them into debt. Many people could lose their jobs from a simple security fault and it can also ruin a lot of people’s lives. If the problem isn’t found fast enough after it happens, things can end badly for everyone.

            The solution that I plan to create is an antivirus application that can work for mobile devices like laptops, tablets, and phones. I plan to name the application Purge because it will purge malware and viruses from the source for companies when they give their employees access to it on their own devices. What the application will do will encrypt all messages that the user sends out so that outside attackers can’t get access to the messages and files, even though potential man in the middle attacks. The program will be created for companies that allow for BYOD so that they can ensure safety within the company’s online cabinets. What it will do is take the messages that are created and they will be encrypted by the receiver’s encryption key. When the receiver gets the message, they’ll have to use the sender’s decryption key to decrypt and view the message.

            The program will come with different versions, a company version that can come with up to 50 codes for users and extra devices, a personal version for those who wish to use it for their own homes, and a mobile version by choice of an apk on the Purge website or by going into the Apple store or Google Play store and downloading the application. The program will be accessible through all of the main operating systems, those being Windows, Mac, and Linux. When you download the application and make an account, your email will be sent a one-time code so that if anyone were to get their hands on it after use, they can’t access it. If a company were to purchase it, they will be sent a one-time activation code to set up the company account, and then will be given a QR code that they can send to their employees so that they can register the devices they bring from home. If the same email happens to own the program and needs more device activation codes, they will be able to purchase another license for the company at a reduced price.

            From an article called “Security Issues with Mobile IT: A Narrative Review of Bring Your Own Device (BYOD).” by Felix C. Aguboshim and Joy I. Udobi, they explain that since the adoption of BYOD, it has been increasing in companies. Because of the increase, they stated that legal risks as well as data protection risks have also increased and that businesses should be weary of BYOD with its potentials for data breaches. They also have stated that businesses need to create appropriate policies for BYOD for their protection and to also look for effective countermeasures in case of a breach. Also because of this, businesses should also consider that data may be leaked on accident or sent out through an act of revenge. It’s a potential threat for mobile devices from employees that work for companies that allow for BYOD because their devices could contain information from their job, which puts the company at risk. Devices can also be lost or stolen, which could be recovered or stolen by someone who plans to use it for malicious intent. People could also have the data that they’re working on be viewed by malicious actors that intend to shoulder surf while the employee is unaware at a café or a place that has free Wi-Fi so that they could work on their tasks while out of their home.

            They found surveys that were made by CISCO that showed 10 different countries with 100 social and 100 IT professionals in each of the countries, prove that even though employees know about the security plans and what to do with them but still act risky. One of the surveys showed that 84% of employees have said they don’t bother with security, 18% of coworkers share their passwords amongst one another, 44% share devices with each other, and 70% of IT professionals use applications that aren’t allowed within a company. I think that this is a scary set of information because of how much of a risk that people are willing to put the company they work for so that they can work comfortably. This poses as a real threat to companies because if any of these people were to get fired or to be laid off because of budget cuts, they could use all of these as a potential for leaking data or to perform a data breach since they have their coworkers login information.

            In an article called “Making Sure BYOD Does Not Stand for “Breach Your Organization’s Data” by Allyson Haynes Stuart, she stated that there were 42.8 million cyber incidents in 2014 and a third of the in-house counsel said that they experienced a corporate data breach. They also said that according to Paul Ihme, Senior Security Consultant of Soteria, one of the greatest vulnerabilities comes from outside use of a network by an employee since they could pick up malware from the network or use intrusive software that can’t get through a company’s security policies. The consultant explained that malware can be transferred into the network when the employee returns the next day because Wi-Fi hotspots and home networks don’t have the security structure that companies have to protect from anything besides the basics. They also stated that another risk is sometimes a breach that occurs is commonly because of employee error, which an example could be an employee accidentally sending an email with sensitive information to a non-worker. It’s stated to be one of the main threats that companies should be concerned about for the future of BYOD.

            The reasoning that I planned to make Purge, is because of accidents like this. If the coworker were to accidentally send the email, the person wouldn’t be able to view it because the person that doesn’t work for the company doesn’t have access to a private key. The possibility of having the computers and other mobile devices having malware would also be a lot slimmer because of the application not allowing certain downloads or allowing for scam sites to work properly. Even if the employee were to have to send things to other coworkers outside of work on the home or hotspot networks, they wouldn’t have to worry about man in the middle attacks because of the encryption between them, and the keys would be safe from access. Even though someone may be able to shoulder surf, they wouldn’t be able to do anything with the data because if they were to attempt to log into the employee’s account, they wouldn’t be able to because the data that’s shown on the screen such as login info, will not be shown and the data that’s been typed up and ready to send will be shown as an encrypted message before sending it out.

            According to an article called “BYOD in Large Organizations” by Vlad Mihai Cotenescu and Cristian-Gabriel Apostol, they stated that although people are able to access an organization’s resources anywhere in the world, it maximizes risk for a data breach or loss. With the huge growth of hotspots that’s occurring on the daily, more and more devices are becoming easy to view the traffic of by attackers who sit on open networks for their prey. They stated that according to Mcafee, over 4% of smartphones are either stolen or lost every year and each of them has a chance to be used as a breach into corporate data systems. If an attacker has a stolen device, they could use VPN connections or, if they’re smart enough, use security bugs in the apps on the device to make their way into the internal assets that belong to an organization.

            They state that the ways that they could protect against it are to use two factor if employees needed to use virtual machines, so that they can have an encrypted environment and data. Purge will help with this kind of encryption as a factor of authentication as it can help give a second way to authenticate messages and virtual machines. Being weary of an employee’s device being broken into after being stolen to get data is always a scary thing to think about, especially when it’s someone who’s got a good amount of security clearance in the business. If they were to have lost a device of theirs and someone gets their hands on it, it can only lead to trouble, being able to access anything unless the person has some sort of password or biometrics protection on the device. If the attacker were to get into it though, anything important would be locked behind Purge’s encryption lock and would require an authenticator to open it up that the attacker most likely won’t have access to or it’ll be locked behind a password lock that has an attempt lock on it. Having the BYOD policies with Purge can make the security of these devices a lot stronger in case of the device being lost so that if something were to happen such as the device being misplaced and an someone finding it and using it for malicious intent, they wouldn’t be able to do anything with it because of the encryption locks.

            In an article called “CYBER SECURITY RISKS OF BRING YOUR OWN DEVICE (BYOD) PRACTICE IN WORKPLACE AND STRATEGIES TO ADDRESS THE RISKS” by Bilquis Ferdousi, they stated that one of the most serious security challenges for BYOD policies that an organization can face is that the data is being sent to employee-owned devices aren’t managed by the IT department. The threats that mobile devices pose include a lack of security features on employee-owned devices, a leak that could occur with shared media, data that’s infected, and mobile device malware. They stated that personal devices from employees aren’t designed for business and don’t have a great level of security features, so they have a higher risk for malware attacks and data loss. A study they found from Barletta showed that in 2017, 51% of data breaches in businesses were from company-owned mobile devices. They also say that  BYOD related security issues are increasing for organizational data because the devices are able to connect to other networks outside of the main company network, such as connecting to the cloud on public cloud services, so they become more vulnerable to viruses, malware, and people gaining access behind the scenes. Another problem they stated is that it’s harder for employees to monitor the mobile devices, which could also end up in a data breach if the person with the device gives it to someone that’s not part of the organization and they could steal the data to post online or to use for malicious intent.

            When Purge has been placed on the employee devices, they also can monitor the computer’s files while they employee is at work so that in case the device has malware on it, they can seize the deices and take it off the network before anything drastic happens. Not being able to know what’s on the devices and what the employees are using the computers for is something that’s worrisome for companies, but the part that makes it worse is where they’re using the device because of all of the kinds of scams and attacks that happen at hotspot areas or people that could perform war driving at the employee’s house and grab the data while they’re working on stuff. The good thing about Purge though is that with the attempt for war driving, they won’t be able to get the data because the device’s files are all encrypted, especially the ones that are company related.

            An article called “BYOD: Usability” by Abha Tewari, Pooja Nagdev, and Kiran Israni, they stated that BYOD has resulted in many data breaches. They stated that if an employee uses a smartphone to access the network and then loses it, there’s a chance that someone could gain access to the data while it’s not secured. They also state that employees aren’t required to give back the devices they’re given at times, which poses as a problem since the data is still on the device and the company has no way to access it outside of the business. They also state that if a company asset like a laptop is used to access data for the business, they can include a business partition that protects all data on all of the devices it’s used for that can be managed by corporate or by an employee.

            This poses as a problem for companies because of the inaccessible data, but Purge can leave the device with encryption, but also if the employee leaves the company the company has an option to encrypt the data and ensure they can’t get back into the data after their company account gets take care of. The amount of devices on a network via BYOD can also be hard to manage based on what the article has stated, and Purge allows it to be easier by only allowing 50 devices on the company version of it so that it lets the company decide to limit how many devices they allow onto the network to reduce congestion. The company being able to have a partition can also have it be encrypted by Purge so that if the device happens to get stolen, there’s no way to get into it.

            According to an article called “Data Security Concerns Raised by ‘Bring Your Own Device’ in Corporate Organisations’ Hybrid and Remote Work Environments in Nigeria” by Rotimi Ogunyemi and Akintunde Idowu, they state that about 88% of breaches happen from employee error, giving an example that 30 thousand customers for a South Korean cryptocurrency exchange called Bithumb had their information exposed when an employee’s computer was hacked into. They also stated that 62% of businesses have fallen for phishing and social engineering attacks, with the type of malicious emails that come with shady links taking the crown for the most common type with 91% of the type occurring. They said that even though a mobile device gives benefits, BYOD raises security and cybersecurity concerns that can turn into losses if improperly worked with. A mobile device contains a lot of personal data and it allows for hackers to make it easier to access the information when they’re connected to a company’s internet and the authors of the article say that if one of the devices get stolen, they could be taken up by a hacker and the hacker can use it to hide behind the scenes of the network, take the data they want and keep an eye on the network’s activity to see when the network is active the most and when it’s not.

            Purge will allow for these problems to be somewhat negated. If the device gets lost or stolen, with the partition drive it’ll require a two-factor code to get into it, which can prevent the hacker at least from being able to get into the data to steal what they want. Purge could eventually get an update to allow for monitoring of the devices through the partition so if there’s any suspicious activity on a device, they can find out what’s going on.

            In an article called “Determinants of BYOD Protection Behavior: An Employee’s Perspective” by Ibrahim Mohammed Al-Harthy and Nor’Ashikin Ali, they state that about 21% of organizations have security breaches within mobile devices that occur from malicious Wi-Fi hotspots being connected to and malware being downloaded onto the devices, proving that companies are using the BYOD policies, but not actually applying it to all of the employees but rather only doing it for certain groups and devices. They say that companies need to understand the risks that BYOD can impose, especially in a situation that involves an employee saving usernames and passwords on a note file in an application that’s not secure leaving the passwords to be easy access if an attacker were to get their hands on it via stealing the device or getting into the device through malicious emails, a Wi-Fi hotspot that can lead to a faulty website, or a hotspot that can be free for other users and the attacker using that to their advantage to spy on users in it and gain access to their computers based on changing a login site to log key presses. It may cause issues legally from employees, but the companies decide to save money by implementing these policies without realizing the risks. They say that companies aren’t realizing that if something were to happen, they could lose more money than if they were to purchase their own devices for the company employees to make things easier to work around, such as having computers to use within the building and only in the building.

            The companies have to realize the issues that can occur from BYOD and if they don’t act on it, things can only go for worse if untreated. If they were to use Purge, the amount of devices they can be limited, while also being able to keep track of the safety of the devices and what data goes in and out of the partitions. They can use the partition to save all of the data for their work, keep it tightly secured with Purge, and also the employee can have their own computer to work with normally because the application will keep their personal files, such as images, text files, and applications under strict protection with constant scans via Purge, scanning for malware and encrypting the data so that if an employee needs to send something to another, they can encrypt it and send it to a user that has a key for decryption.

Basing Data from Material Outside of my Major

            When this problem comes to be with my classes that are outside of my major, one of the classes I can use for this is my Interdisciplinary Theory class. The reasoning behind it is because the class teacher you how to think about and solve modern problems in a way that requires more thought than to solve a problem normally. The class uses intense thinking to solve modern problems via disciplinary action and thought so that it can, if possible, fully mitigate the problem so that it has a slimmer chance of happening again. Nowadays, companies are trying to use BYOD but aren’t realizing the risks that can accompany it just so they can save some money for the company. When companies use the policy, they’re required to think about how to go about the policies based on current aspects of how other companies are handling it and the legal concerns of it. Finding the policies that work the best within legal reason require a lot of interdisciplinary thinking because if they go about it in the wrong way, they can either set the entire company up for trouble or the employees wouldn’t abide to the policies because of their uneasiness of it, making the company at risk as well. When regarding data breaches, they have to think about the disciplines such as what laws they have to look into so that they don’t end up with employees that are disgruntled with the BYOD policies, and they release the data to the public out of anger. They also need to use the math to calculate the prices of having computers in the company already compared to how much money could be lost if they were to have an issue with a data breach. Using these together can help a company decide if it’s right to implement the policies and they could set up restrictions with it to ensure that the computers are safe and to employ an antimalware on it such as Purge with its ability to keep data protected from breaches and to lock data if the device is connected to a network.

            A couple of classes that assisted me in the innovation would be Calculus and Calculus II from when I was attending Tidewater Community College, because in the classes I was required to do mathematical equations that related to real life situations. When dealing with the amount of devices on the network, you have to figure out what percentage of the network usage will go to higher employees such as managers and what percentage will go to the lesser employees, which can also apply to the amount of data on the partition that should be allowed for both. When also looking through how often data breaches with BYOD policies, math comes into play because you have to measure out the percentage of money lost if a data breach were to happen inside or outside of the company compared to if you were to have computers of your own and the only way you’d lose data is if someone were to make their way into the system, but that would be very slim with Purge because of the encryption that would be able to keep outside attackers out.

            Another class that brings in innovation would be my Survey of Economics class from Tidewater Community College. The class taught me about different policies relating to economics, including financial stability policies. Using this kind of class to describe how this innovation will go, it all depends on how they plan to use their BYOD policies and what devices they plan to spend their money on. When they use purge, they can get up to 50 devices with one company package and they can put them on either phones, tablets, or laptops. The company could purchase company laptops for everyone to make things a lot more manageable, especially with encryption and setting up restrictions to certain files. Depending on what they decide to use their money on, they must sum up what can be done via the policies they decide to implement with what money they have to ensure that safety stays on top for all of the employees and their devices.

Testing if the Innovation is Effective

            To test if this innovation is effective, we will conduct tests on mock networks to test the strength of it. We will take the tests based on laptops, computers, tablets, and mobile phones and consider the usability for each of the devices to determine how much work needs to go into them to ensure maximum safety. We will also do periodic tests on the encryption with white hat hackers and do consistent tests so that we can make sure that the program works safely and effectively. Once we ensure it’s safe, we will give it to a group of testers to see how the program will do and determining if it comes out as a good-rated product or not will determine if it’s time to send it out into the cyber wild. Once it’s out in the wild, the way that we will determine if it’s effective or not will be based on downloads, reviews, and possible inclusions in cybersecurity articles.

            Knowing if this is effective or not will determine how we can make ourselves a bigger company, being able to add more features in the future would allow Monitoring for us to expand our knowledge and protection into the world. We will monitor the activity of our page regularly to see if there are any spikes of traffic or not, seeing if we can get any potential customers to help us grow in popularity. For every update we plan to do, we will make sure that we get out white hat hackers to help us with any potential vulnerabilities so that we can always send out a patch with the best security possible. After a while of having traffic, we will check the internet for any articles relating to our product and data breaches to see if we have any positive or negative feedback from journalists. If we notice that there’s a decrease in data breaches with BYOD policies or just a decrease in breaches from businesses in general, we will know that our product is doing very well from companies that we know bought it because we will also be checking the feedback of the product to see what companies are using us or what kinds of people we are selling our product to.

Turning the Innovation into Reality

            This kind of innovation can come with a plethora of reasons, but the main one that I plan to base it on now is to stop data breaches in environments that have implemented bring your own device policies that have been implemented poorly. The starting point to making this into a reality would be to check on the current status of data breaches, then to find out how many companies on average have implemented BYOD policies into their systems, and after that to find out what the main causes of the breaches are so that we know what we’re working with and what demographic we’re making our product for. Once we figure out what we’re looking for, we will start looking for what kinds of attention we will need to focus on so that we can be sure that we have more than what we’re originally making our product for, allowing us to be a bit more flexible with our program instead of being static and only having one purpose. After we find out what kind of things we need to work on, we plan to find out the target audience that the product will be for, meaning what businesses we should be looking for that would benefit from our product the most but also making it well enough for other companies to use. We plan to make the user interface easy to navigate and easy to read for those who aren’t very technology literate, but we also will have settings to show all of the technical information for those who know what they’re looking for and what to look out for.

            Once we figure out our audience, we will start to create the application first on the computers to get a main idea of how we plan to set up the application with a rough base and work our way through and clean it up as we go. Once we have the rough setup made, we will ask a group of people to test it out and have a white hat hacker try to get into the computers that we have the program installed on to see if they’re able to get into it or not and if they are able to get in, to see how long it took for them to get past the security. We will then conduct our research based on what needs to be done to make a proper antivirus and antimalware app, deciding what kinds of scans we should implement such as implementing a quick scan, a full scan, or a customizable scan so that our customers can either run the scan overnight, run a quick one, or to set a scan to go over specific areas such as specific drives.

            When we finish with the full setup, we will get it fully tested by the group of users that have volunteered for us and we will have the white hat hackers to run their usual security measures to see if they can get into the computers, while also adding another set of different attack ways like sending out spam emails that give out suspicious links or we have shoulder surfers that will try to collect usernames and passwords, but won’t have access to the two factor authentication. After we find out what has to be changed and fix it, we will then begin to make the application for tablets and mobile phones. We will begin by making a simple layout for both so that they can navigate it easily through the devices and have the group testers let us know about usability and if we need anything to change. Once we figure out usability and reliability on the mobile apps, we will begin to figure out how to send the application out onto the app stores and set up a website for the program. The website will be set up in a way that will explain what the application will do, what it contains, and what types of the program we will have such as a mobile application and two types of the computer application that will work on x32 computers and x64 computers. The main intention for this application is to make sure that all kinds of devices, big or small, can use this application on networks for companies so that they can keep their networks clean and safe. The biggest thing we plan to have work the best is the encryption and two factor authentication because it can really save someone’s files from being stolen and we can keep the company alive without them needing to worry too much about the costs of data being lost.

Next Steps Summary

            Data breaches are a common occurrence and will only occur more as most companies sit and hope to only save money by implementing bring your own device policies. I have learned that with this project, there comes a lot of obstacles relating to data breaches and what disciplines I need to look through when trying to make an application that can help with computers and people while also making sure to keep privacy as strict as possible so that people can keep their lives intact. Some lessons that I’ve learned with this project are that even though it’s easy to look for specifics at times, you may not always get the information you want from what you find. While I was looking through for information, it was easy to find information on data breaches, but it was harder to find them based on BYOD policies in businesses. Another lesson I learned was that I should’ve made sure to have more of my work saved from my previous classes that I’ve taken when I was back at Tidewater Community College because finding what I could use to implement what I needed for the section relating to work from outside of my major because it made that section a lot harder for me without having a lot of work not related. Another lesson I learned from this project was that while looking through a lot of the information I’ve found, there are a lot of issues that can come with BYOD policies, and it’s not just including data breaches.

            What I would’ve done differently with this project was I would’ve tried basing my information on more than a few types of data to get more reasons to have this innovation as what I’m basing it on, but a lot of the data I was finding was a lot of the same information. Another thing I would’ve done differently was looked deeper into the aspect of how the innovation is effective because with how quickly technology is advancing, there may be a need to consistently update everything with current lifestyles.

Works Cited

Aguboshim, F. C., & Udobi, J. I. (2019). Security Issues with Mobile IT: A Narrative Review of Bring Your Own Device (BYOD). . core.ac.uk. Retrieved April 17, 2023, from https://core.ac.uk/download/pdf/234677445.pdf

Stuart, A. H. (2016, March). Making Sure BYOD Does Not Stand for “Breach Your Organization’s Data. technethics. Retrieved April 17, 2023, from https://www.technethics.com/assets/BYOD-final.pdf  

Cotenescu, V. M., & Apostol, C.-G. (2015). BYOD in large organizations. anmb.ro. Retrieved April 18, 2023, from http://www.anmb.ro/buletinstiintific/buletine/2015_Issue1/FCS/311-313.pdf  

Ferdousi, B. (2022, October 31). CYBER SECURITY RISKS OF BRING YOUR OWN DEVICE (BYOD) PRACTICE IN WORKPLACE AND STRATEGIES TO ADDRESS THE RISKS. Science IJSAR. Retrieved April 18, 2023, from https://scienceijsar.com/sites/default/files/article-pdf/IJSAR-1237.pdf  

Tewari, A., Nagdev, P., & Israni, K. (2015). BYOD: Usability. ijcsit.com. Retrieved April 19, 2023, from https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=9b9cdaf416479a9de88fe00d37229e3634cdfe34  

Ogunyemi, R., & Idowu, A. (2023, March). Data Security Concerns Raised by ‘Bring Your Own Device’ in Corporate Organisations’ Hybrid and Remote Work Environments in Nigeria. Commonwealth. Retrieved April 19, 2023, from https://production-new-commonwealth-files.s3.eu-west-2.amazonaws.com/s3fs-public/2023-03/D19156-CCJ-1-1-Nigeria-BYOD-Data-Security-Corporate-Orgs–Ogunyemi-Idowu.pdf  

Al-Harthy, I. M., & Ali, N. A. (2022, July 15). Determinants of BYOD Protection Behavior: An Employee’s Perspective. Journal of Theoretical and Applied Information Technology. Retrieved April 19, 2023, from http://www.jatit.org/volumes/Vol100No13/3Vol100No13.pdf