A poorly enforced Bring Your Own Device (BYOD) policy can lead to the rise of Shadow IT, where
employees use unauthorized devices, software, or cloud services without IT department approval.
This often occurs because:
Lack of Policy Clarity: Employees may not be aware of which devices or applications are approved.
Absence of Monitoring: If the organization does not track personal device usage, employees may
introduce unvetted apps or tools.
Security Gaps: Personal devices may not meet corporate security standards, leading to data leaks and
vulnerabilities.
Data Governance Issues: IT departments lose control over data accessed or stored on unauthorized
devices, increasing the risk of data loss or exposure.
Other options analysis:
A. Weak passwords: While BYOD policies might influence password practices, weak passwords are
not directly caused by poor BYOD enforcement.
B. Network congestion: Increased device usage might cause congestion, but this is more of a
performance issue than a security risk.
D. Unapproved social media posts: While possible, this issue is less directly related to poor BYOD
policy enforcement.
CCOA Official Review Manual, 1st Edition Reference:
Chapter 3: Asset and Device Management: Discusses risks associated with poorly managed BYOD
policies.
Chapter 7: Threat Monitoring and Detection: Highlights how Shadow IT can hinder threat detection.