A new report has revealed that 84% of organisations worldwide now practise some form of Bring Your Own Device (BYOD) policy, yet only half officially allow it — raising major concerns about cybersecurity and data protection.
According to Anna Collard, Senior Vice President of Content Strategy and Evangelist at KnowBe4 Africa, the growing trend of employees using personal smartphones, laptops, and tablets for work offers convenience and cost savings, but also exposes organisations to serious security and compliance risks, especially in hybrid and remote work environments.
“BYOD, particularly with smartphones accessing corporate email accounts, has become the norm for many South African organisations,” Collard said. “While financial institutions tend to have stricter rules, smaller companies often allow or expect it without formal policies.”
KnowBe4 Africa’s Human Risk Management Report 2025 shows that up to 80% of African employees use personal devices for work — with 70% of these devices unmanaged, creating a major blind spot for IT departments.
Key risks include data leakage, malware from unverified apps, outdated software, and shadow IT, where employees use unapproved tools that can open backdoors into company systems.
“Personal devices can easily leak sensitive data through unsecured apps or public Wi-Fi,” Collard warned. “Without proper controls, even a misplaced phone can become a security breach.”
To reduce these risks, Collard recommends organisations adopt clear BYOD policies, strong passwords, multi-factor authentication (MFA), device encryption, and regular patching. Network segmentation and Mobile Device Management (MDM) tools can also help isolate personal devices from critical systems.
However, she stressed that technology alone is not enough — employee awareness and behaviour remain critical. “A device is just a tool; what matters is how we use it,” Collard noted. “Even the best defences fail if users are rushed or distracted.”
KnowBe4 also advises companies to include security awareness training and simulated attacks that test employees’ responses to mobile-based threats.
“As AI-driven attacks become more sophisticated, digital mindfulness — being alert, aware, and cautious — is one of the strongest defences employees can have,” Collard concluded.