BYOD: Convenience comes with cybersecurity risks
Up to 84% of organisations globally practise Bring Your Own Device (BYOD) in some form, yet only half officially allow it, according to a recent report. While employees value the freedom of using personal devices for work, the security risks are significant, particularly in hybrid and remote work environments, warns Anna Collard from KnowBe4 Africa.
Using personal smartphones, tablets, and laptops can save organisations an average of N$5 000 per employee per year and boost productivity. BYOD is already widespread, with many start-ups, SMEs, and even larger organisations allowing staff to use personal devices, often without formal policies in place.
However, this informal approach introduces serious cyber and compliance risks. The KnowBe4 Africa Human Risk Management Report 2025 highlights that up to 80% of African employees use personal devices for work, with 70% of these devices unmanaged - a critical blind spot.
Key BYOD risks include:
Data leakage: Personal devices can expose sensitive data via unsecured apps, cloud storage, or public Wi-Fi.
Malicious apps and shadow IT: Employees may inadvertently install malware or use unapproved apps that provide attackers with unmonitored access.
Outdated software: Personal devices often run outdated systems or apps, leaving them vulnerable to known exploits.
False sense of security: Many employees assume personal devices are secure, which can lead to careless handling of sensitive work data.
To mitigate these risks, organisations need robust BYOD policies clearly outlining what is allowed, minimum security requirements, and responsibilities. Technical controls such as strong passwords, multifactor authentication (MFA), encryption, endpoint security, patching, network segmentation, and Mobile Device Management (MDM) tools can reduce vulnerabilities.
Collard stresses the importance of security awareness training and digital mindfulness. Employees, particularly younger staff, must understand BYOD-specific risks, including AI-related threats, phishing via mobile apps, and shadow IT. Simulated attacks can help employees recognise risks, report incidents safely, and reinforce vigilance.
Ultimately, managing BYOD security requires balancing technology with human behaviour. “A device is just a tool; what matters is how we use it,” Collard notes. Even the most secure setup is vulnerable if employees are rushed, tired, or distracted. Organisations must cultivate awareness and resilience alongside technical safeguards to protect sensitive information in a BYOD environment. - Distributed by APO Group on behalf of KnowBe4.