With up to 84% of organizations globally embracing Bring Your Own Device (BYOD) practices, a new spotlight is being cast on the critical personal device security risks that come with them. While BYOD offers flexibility and cost savings, the hidden vulnerabilities, particularly in hybrid and remote work environments, pose major threats if not properly managed.
In South Africa, the BYOD trend is well entrenched. Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa, explains, “Smartphones with access to company email have become standard in many South African organizations, even without formal BYOD security policies.”
Why Personal Devices Pose a Serious Cybersecurity Threat
According to the KnowBe4 Africa Human Risk Management Report 2025, 80% of African employees use personal devices for work—but 70% of those devices are unmanaged. That’s a significant security blind spot.
The biggest personal device security risks include:
- Data leakage via unsecured apps, public Wi-Fi, or cloud storage.
- Outdated software that remains unpatched, creating easy entry points for attackers.
- Malicious apps that appear legitimate but are designed to harvest data or open backdoors.
- Shadow IT, where employees use unauthorized applications, further complicating threat detection.
Collard warns, “Even a misplaced phone can become a breach vector.”
BYOD Security Policies: Why They Matter
Despite the popularity of BYOD, many organizations—especially startups and SMEs—have no formal policies in place. This leaves them vulnerable to insider risks and compliance issues.
Effective BYOD security policies should include:
- Password hygiene and multi-factor authentication (MFA)
- Encryption and endpoint protection
- Network segmentation to isolate personal devices
- The use of Mobile Device Management (MDM) tools to enforce basic controls
But Collard emphasizes that tools alone aren’t enough: “You can have the most secure setup, but if someone’s rushed, tired, or emotionally triggered, they’re more likely to fall for a phishing scam.”
Human Factor in Security: The Real Weak Link
The human factor in security is often underestimated. Research shows that younger employees (especially Gen Z) tend to take security on their personal devices more seriously than on work devices—but that confidence can be misplaced.
“Just because it’s your phone doesn’t mean it’s safe for work use,” Collard explains. “A weak BYOD policy opens the door to data leaks, shadow IT, and insider threats.”
Security training and digital mindfulness are essential. Collard advocates for ongoing employee education to help users slow down, recognize risky behavior, and think before clicking.
She adds, “Organisations need to foster a culture where employees feel safe reporting incidents—especially those involving personal devices.”
AI and the Future of BYOD Threats
The report also highlights another emerging concern: AI-powered cyberattacks. Despite the growing use of AI by threat actors, 46% of organizations still lack formal AI policies, increasing their vulnerability.
“Education on AI-related BYOD risks is now critical,” says Collard. “Simulated attacks that mimic real-world BYOD threats can help prepare employees.”