The adoption of Bring Your Own Device (BYOD) policies in workplaces is on the rise, creating opportunities and challenges. A recent study highlights that up to 84% of institutions worldwide engage in BYOD, but only half do so formally. While it fosters convenience and cost savings, it also poses notable cybersecurity risks, particularly as hybrid and remote work proliferates.
According to Anna Collard from KnowBe4 Africa, employees are increasingly using personal devices for work. The cost-saving aspect is significant, saving organizations about R5,000 per employee annually. Indeed, two-thirds of these organizations report increased productivity among employees using their own devices. South African companies mirror this trend, especially among startups and SMEs, as noted by Anna Collard, who mentioned BYOD norms at KnowBe4 Africa.
However, this approach often lacks formal policies, leaving gaps in cybersecurity. The KnowBe4 Africa Human Risk Management Report 2025 reveals that 80% of employees in Africa operate on personal devices for work. Alarmingly, 70% of these devices remain unmanaged, presenting a significant loophole for potential cyber exploits.
Unmanaged personal devices can lead to data leakage via unsecured apps or networks. There’s also the risk of employees downloading malicious apps, mistakenly using apps that siphon data or allow unauthorized access to systems. Shadow IT further exacerbates the problem, as employees might use unauthorized applications, creating unrecognized vulnerabilities.
Another area of concern is software updates. Many personal devices may run outdated software, missing critical security patches. IT departments often cannot monitor or update these devices, leading to unchecked vulnerabilities.
Despite these concerns, employees often feel their personal devices are secure, evident in a survey indicating 48% of Gen Z prioritize cybersecurity on personal over work devices. However, this false sense of security can lead to data leaks and other insider risks.
To curb these risks, organizations must implement robust BYOD policies. Clear communication on what is permissible and the required security measures is crucial. Technical measures such as strong passwords, multifactor authentication, encryption, and endpoint security offer a tactical advantage. Network segmentation can further isolate personal devices from sensitive areas within the corporate network.
Tools like Mobile Device Management (MDM) help enforce regulations but cannot replace human awareness. Employee training focuses on recognizing specific BYOD risks, especially regarding AI threats. Simulating attacks that exploit BYOD vulnerabilities increases awareness and empowers employees to report incidents without fear.
Anna Collard advocates for digital mindfulness, encouraging employees to pause and assess suspicious activities critically, thus enhancing cybersecurity. Addressing the human factor is key to managing BYOD risks. Even with secure setups, the pace and pressure of work may lead to lapses in judgment.
Ultimately, the challenge is blending the right technology with human vigilance to mitigate the risks associated with BYOD. As Anna Collard emphasizes, a cohesive strategy involving both technology and human vigilance is vital in mitigating these emerging cybersecurity risks.
