Nowadays Bring Your Own Devices (BYOD) has become a trend in the development of Information Technology (IT). BYOD has been used in Indonesian banking sector, in 2016 a Bank in Indonesia has been put BYOD program in their IT transformation strategic. But BYOD program also pose a threats and attacks on company data. Organizations also difficult to ensure BYOD program is complied with the enterprise security policies. Moreover, Banks in Indonesia must protect their customer data to comply with Otoritas Jasa Keuangan (OJK) regulations number POJK 1/POJK.07/2013. So that in order to reduce security incidents and ensure compliance with internal security policies, it is necessary to know which security controls are needed for the implementation of BYOD in Indonesian Banks. This paper proposed security controls needed called internal control to anticipate data security issues related to BYOD programs in the Indonesian Banking sector. Proposed internal controls are validated by using validity and reliability tests to ensure the internal control is applicable for Indonesian Banking sector. The results of this study are 20 valid internal controls for Indonesian Bank to anticipate BYODs data security issues such as malware threats, phising and social engineering, BYOD direct attacks, spoofing or data intersections, BYOD device loss, and policy violations by user.